How to ensure security when writing payment in PHP

Depending on the type of payment, the payment process is also different. According to me, the most popular online payment processes currently include the following categories:

1. Online banking, such as China Merchants Bank Payment, ICBC Payment, Western Union Express, etc.

2. Comprehensive electronic wallets such as Alipay, Kuaiqian, Yibao, PAYPAL, MONEYBOOKERS, Facebook Credits, etc.

3. Virtual and real cards Shenzhouxing, MYCRAD, GASH, Junwang Card, Kunlun Card , MOL, etc.

4. Landline voice type, such as Hangzhou Qishun, DAOPAY, etc.

5, Mobile phone text message type, such as UMC, MOPAY, ATLAS, ONEBIP, BOKU, ZONG, etc.

6. Offer category like offerpal, SponserPay, etc.

is divided into payment system development and payment system access: the design methods of each type are different, let me talk about what I know Notes:

1. Only provide necessary interfaces, and strict input control is required for each interface parameter to prevent SQL injection, XSS, and CSRF

2. Use HTTPS Encrypted transmission

3. Each request must have encryption verification. It is best to directly encrypt the transmitted parameter values. Each request is time-sensitive and will become invalid upon expiration.

4. Anti-concurrency control, especially for card payment systems, because requests are completed in real time.

5. Transaction processing, the payment process involves many steps, and you need to reply when something goes wrong. Roll

6. IP restrictions

7. Each payment requires an order

8. Each order has a time attribute, so the table can be designed by Monthly sub-table

9. Concurrent notification capabilities and repeated notifications of asynchronous notifications; this is very important

10. Provide order CHECK interface and quick reconciliation interface as much as possible

11. Monitor alarms, statistics, reports, etc.

12. How to enable partners to cooperate quickly and easily during shutdown maintenance

13. In terms of stability, load balancing, CACHE HA, etc.

Recommended tutorial: PHP video tutorial

The above is the detailed content of How to ensure security when writing payment in PHP. For more information, please follow other related articles on the PHP Chinese website!