I have to build a simple yet secure shopping cart and I would like to add some Ajax to make it nicer. Basically when I click an 'add to cart' button, jQuery sends the ID of the product to Php, store all the IDs in a SESSION array, retrieve the product details from a DB based on the IDs, send back to jQuery and refresh the cart without reloading the page. So far so good, but my main concern is about security. I've seen people who demonstrated they could buy a lot of products and then change the 'total' value, arriving at PayPal checkout and having to pay only 1$(this is an example). The way I described, is there any chance for the client to change the price value ? jQuery will only display the result of the Php response, yet I'm still worried that the price could be changed via client. If yes, what's the method to prevent this ?
I want to point out that I really want this to work with Ajax so I don't have to redirect the clients when shopping.
Thank you.
Edit: What if I store the current items in the cart in a DB table, is this still dangerous ?
If yes, whats the best method of doing it and still use JS Ajax ?