There is a remote chance that people will try to tamper with your links, maybe changing the price or the description in order to fool you into selling something cheaper. You can stop this happening by posting an encrypted key of this data along with each link.


Each store has its own secure key which you can download from your Admin area. You can create the hash, the encypted key, for a product using either a javascript application you can pickup from Admin or one of the Buttton creators. It will generate a 32 character MD5 hash of the data you have entered. Include this in your links with the field name hash. For example for a form field:

<input type=hidden name=hash value=057195f2397d7b854ca7f34536cf8a51>

If you are using hyperlinks make sure that you don't use a URL encoded string to generate the hash. In other words use "My new product" not "My+new+product". Beware white spaces at the beginning and end of any of the fields. Anything like this will cause it to fail the test.

Finally, the verification of a link is based on the first ten characters of the description (product field) and any more are ignored by both the JS application and the live cart. If you are using a form to build up options then you need to make sure those first ten characters of the product's description are always the same whatever the option.


With addmulti.cfm script you must name the fields hash1, hash2, hash3 and so on. Note also that the verification routine behalves slightly differently. Specificaly the server will remove trailing 0s from the numbers such as the price. So you would need to enter them as 56.6 not 56.60 and 56 and not 56.00.

If your product description contains the reserved characters single quote ('), double quote (") or a backslash (\) then you will need to escape them with a backslash. For example you would enter "It\'s my description".

For the technical minded, in PHP you would calculate a hash:

$secret_key = "1f190a22037de1499b1d2d687ad0667b";
$product = "My description";
$price = "9.99";
$units = "0";

$description = substr(addslashes($product), 0, 10);
$hash = md5($secret_key . $description . $price . $units);

Finally, if you are using discountpr to set the price of the product then use the whole discountpr string when you generate the hash.