PHP Paypal Sandbox


Lch

Hi guys, I am currently trying to implement the PayPal sandbox in my website for testing. I used the form generated by PayPal and it worked. However, I wish to make it more secure by verifying the POST details against my database first before posting to PayPal. I have read on the internet for a few days and downloaded a few sample codes to try out, however I still don't understand how it works. The thing I read about is IPN (Instant Payment Notification) for PayPal. Am I reading the right thing? If I am, can anyone help me out, because I do not really understand part of it.


I'm guessing that you mean you tried using generated buy now/add to cart/check out buttons and you would like to change this so that the cart is built on your site, with the contents being stored in a database, then when the cart is finalized, you display the complete cart contents in a form that PayPal expects, with a check out button that takes the visitor to the PayPal site to finalize the order?

If so, you would write (or find a script) to implement the cart on your site, then see the PayPal cart upload command to submit the cart information and take the visitor to the PayPal site - https://developer.paypal.com/webapps/developer/docs/classic/paypal-payments-standard/integration-guide/cart_upload/


Erm, nope. I am not trying to make a cart. I currently have the PayPal payment form and it's working. However, I wish to make it more secure by checking the details of the form against my database details before it is posted to PayPal.


I understand completely what you are trying to do. I honestly don't know how to take the $_POST info, verify it and then send it to a specific URL like PayPal. I would imagine you could use something like curl to send it after verification, but my knowledge of that is limited. What I actually do in the CMS I built is just let the transaction take place, and then in the admin panel I have the trans flagged if the numbers don't match up when the IPN posts the data back to me.

So basically when the IPN sends you the info, you do all your checks there instead and simply flag the trans if it doesn't add up to your calculations. I would generally say that anyone that is willing to give you money via PayPal isn't generally going to know how to mess with the code. Plus PayPal always sends you an invoice email for each trans anyway, so you could easily verify that an amount paid doesn't look correct compared to what you actually charge.


You get a bunch of data from PayPal via IPN. It comes as $_POST. The first step is to sanitize that data and send it back to them via curl, and they will verify that they sent it. (They provide sample code that does that.) In their sample code the curl response is stored in $res. First you look for VERIFIED at the start of $res. If $res is not VERIFIED -- log the transaction and investigate. If the data you got is what they sent, you can compare the various values to what you were expecting to get. I would look at payment_status to make sure it shows completed, and at mc_gross (how much the total transaction was for) and mc_currency. I use a pass-through variable, invoice: I pass a unique value to them and they pass it back to match the transaction in my database. They warn you to do your DB updates after the curl verification because it times out pretty quickly if they send data and are not asked for a confirm. A complete list of all the data that they may send you is at https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNandPDTVariables/

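The IPN check described in the post above, as an added PHP example that is not part of the thread and not PayPal's sample code: it posts the notification body back as received, requires a VERIFIED reply, then compares payment_status, mc_gross and mc_currency with the order matched by invoice. The sandbox verification URL, the order array layout and the `$findOrder` lookup callback are assumptions made for the illustration.

```php
<?php
// Added example; order layout and the lookup callback are hypothetical.
declare(strict_types=1);

const IPN_VERIFY_URL = 'https://ipnpb.sandbox.paypal.com/cgi-bin/webscr'; // sandbox (assumed)

/** Post the IPN body back to PayPal; true only if the reply is VERIFIED. */
function ipn_is_verified(string $rawBody): bool
{
    $ch = curl_init(IPN_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // keep TLS checks on for the post-back
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $res = curl_exec($ch);
    return is_string($res) && trim($res) === 'VERIFIED';
}

/** Compare a verified IPN with the stored order; returns the fields that do not match. */
function ipn_mismatches(array $ipn, array $order): array
{
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') { $problems[] = 'payment_status'; }
    $paidCents = (int) round((float) ($ipn['mc_gross'] ?? 0) * 100); // compare as cents
    if ($paidCents !== $order['total_cents']) { $problems[] = 'mc_gross'; }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) { $problems[] = 'mc_currency'; }
    return $problems;
}

/** Full flow: verify first, then match the invoice and flag any difference. */
function handle_ipn(string $rawBody, callable $findOrder, ?callable $verify = null): string
{
    $verify ??= 'ipn_is_verified';
    if (!$verify($rawBody)) { return 'unverified'; } // log it; do not touch the order
    parse_str($rawBody, $ipn);
    $order = $findOrder(is_string($ipn['invoice'] ?? null) ? $ipn['invoice'] : '');
    if ($order === null) { return 'unknown-invoice'; }
    $problems = ipn_mismatches($ipn, $order);
    return $problems ? 'flagged:' . implode(',', $problems) : 'paid';
}

// Constructed demo: the form amount was edited from 19.99 to 1.00 before checkout.
$orders = ['INV-1001' => ['total_cents' => 1999, 'currency' => 'USD']];
$body = 'payment_status=Completed&mc_gross=1.00&mc_currency=USD&invoice=INV-1001';
echo handle_ipn($body, fn(string $inv) => $orders[$inv] ?? null, fn() => true), "\n";
```

In a live IPN listener the body would come from `file_get_contents('php://input')` and the third argument would be omitted so the real post-back runs; the demo stubs it so the script works offline.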
