Any information passed through the customer's browser
can potentially be modified by the customer, or even by third parties, to
fraudulently alter the transaction data. Therefore no transactional
information should be passed through the browser in
a way that could potentially be modified (e.g. hidden form fields).
Transaction data should only be accepted once from a browser, at the
point of input, and then kept in a way that does not allow others
to modify it (e.g. database, server session, etc.). Any transaction
information displayed to a customer, such as the amount, should be passed
only as display information; the actual transactional data should be
retrieved from the secure source at the point of processing the transaction.
Fields like return links back to the order page (AgainLink), titles, and any other non-transactional information are only included here in the example for information purposes. They do not apply to the transaction and do not have to be included in production code orders.
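The following is an added illustration of the principle above, not code from the original guide or the payment gateway: the browser posts back only an order reference, the amount charged is retrieved from the server-side store, and an echoed display amount that differs from the stored one is flagged for logging. The store, field names and function names are assumptions.

```python
"""Added example: charge from the server-side record, never from the browser."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Order:
    order_id: str
    amount: Decimal      # authoritative value, captured once at point of input
    currency: str


# Constructed stand-in for the secure store (database / server session).
ORDERS = {
    "ORD-1001": Order("ORD-1001", Decimal("149.00"), "NZD"),
}


class TamperingDetected(Exception):
    """Raised when an echoed display amount disagrees with the stored amount."""


def process_checkout_insecure(form: dict) -> dict:
    """Pattern the guide warns against: trusts the hidden 'amount' field."""
    return {"order_id": form["order_id"], "charge": Decimal(form["amount"])}


def process_checkout(form: dict) -> dict:
    """Hardened pattern: the browser supplies a reference only; the amount
    and currency come from the trusted store at the point of processing."""
    order = ORDERS.get(form.get("order_id", ""))
    if order is None:
        raise KeyError("unknown order reference")
    # A display-only amount may be echoed back; compare it for detection,
    # but never use it as the value to charge.
    shown = form.get("amount")
    if shown is not None and Decimal(shown) != order.amount:
        raise TamperingDetected(
            f"{order.order_id}: posted {shown} != stored {order.amount}")
    return {"order_id": order.order_id, "charge": order.amount,
            "currency": order.currency}


def audit_post(form: dict) -> str:
    """Classify a posted form for logging: accepted, tampered or unknown."""
    try:
        process_checkout(form)
        return "accepted"
    except TamperingDetected:
        return "tampered"
    except KeyError:
        return "unknown"


# Constructed sample posts: one genuine, one with the hidden field altered.
GENUINE_POST = {"order_id": "ORD-1001", "amount": "149.00"}
ALTERED_POST = {"order_id": "ORD-1001", "amount": "1.00"}
```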