E-commerce transaction - PHP

I have not worked with web technologies , so this may seem like a naive question.

I am trying to fix one of the issues on our webpages, this page is responsible for creating and sending an e-commerce transaction to sagepay. The problem is , all the fields it has are filled via _GET variable; which a user can easily modify on the URL before a transaction is actually made. An option would be to go via _POST, but it is still possible to modify and avert actual charges.

Hence i am looking for a mechanism which can help me pass this variables securely across to another page or perhaps t开发者_如何学Gohe same page even. I am considering using a database to temporarily store these values, but i would like to hear what is the optimal way of going about such a problem.

You should keep them either in the database or in the SESSION variable.

In e-commerce charges, sub total, grand total etc generally stored in the database with the other required info such as items, quantity in the form of an order.

You could keep them in session variable and when customer say Payment, You can store those values in database as order.