WhiteRau

i just use the PayPal webscr. check out this tutorial, it's pretty cool : http://freelanceswitch.com/money/making-a-paypal-form-tutorial/ apparently you can pass a variable to the webscr and it'll just return it when the transaction is complete... WR!

i'm need to retrieve a session after i've collected the data and went to PayPal (...urk...) i think i'm starting off correctly... but how the hell do i get the session name on the other side? $uuid = uniqid(); session_name = $uuid; session_start(); // do some stuff // go to PayPal // come back from PayPal ....um... now i'm lost! how do i get the $uuid here?? once i come back from PayPal... this is where i get lost. how do i load a UUID-based session if i can't get the $uuid? and if there's a better way, by all means let me know! someone said i could pass the $uuid through PayPal, but i'm not seeing how yet... TIA gang! WR!

i see. the variables evaluated correctly BUT they needed to be quoted. got it. thanks you two! WR!

here's the code: $companyName = 'big company'; $address1 = 'big bay #8'; $address2 = 'some big warehouse'; $city = 'big city'; $province = 'AB'; $postalCode = 'T1T0N0'; $phone = '0123456789'; $email2 = 'bigKahuna@bigKahuna.edu'; $query = "INSERT INTO clients ( companyName, address1, address2, city, province, postalCode, phone, email) VALUES ( ". $companyName.",".$address1.",".$address2.",".$city.",".$postalCode.",".$phone.",".$email2.")"; $result = mysql_query($query, $connexion); if ($result) { // Success! echo "Fabulous! check the DB, we did it! <br>"; ?> <pre> <?php print_r($result); ?> </pre> <?php } else { // Fail! echo"CRAAAAAPP! something went wrong. FIX IT! <br>"; echo mysql_error(); } if (isset($connexion)) { mysql_close($connexion); } i copied it over from an old *working* file to illustrate how a simple INSERT works. this is the error i get: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'company,big bay #8,some big warehouse,big city,T1T0N0,0123456789,bigKahuna@bigKa' at line 4 looks completely valid to me. all the database table elements are set to VARCHAR(80), so it can't be a space/type issue... halp! WR!

@ddubs: sounds like a great solution, actually. i believe PayPal allows passing a 'custom' field that can then be sent back. i'll look into that. thanks! now i just have to figure out how to take the <form>'s $_POST array and get it into the $_SESSION... i wish you could have a $_SESSION option in the <form> method... thanks guys. if i have more questions regarding this topic, i'll return! WR!

client is one of those 'techno-capable hobby' types... as for the session data, i didn't know for sure if that was the case, so i came here. i've never interrupted flow in a site like this before and so when my well-meaning colleague mentioned that i'd lose the $_SESSION data if i left the domain...ignorance won. in which case, i may have another few questions based on what he's told me... argh. so what i'm hearing you say is that this, in fact, is untrue. the session should remain available? WR!

hey gang: i have a number of variables stored in the $_SESSION array and wanted to know how i can keep them handy for use AFTER PayPal has done it's thing. to help clarify, the desired process here is client fills out form. clicks PayPal button. form data is then used to create some documents which are then sent to client. i have the flow working but without the PayPal part because i'm not sure how to preserve the form data while PayPal does it's thing so i can use it when PayPal is done. am i making sense? i'd like to steer away from client-side cookies because of security issues and our paranoid client insists on it... bah. first the JSON shuffle from JavaScript to PHP and now this PayPal mess. :-\ any help is MOST welcome. TIA! WR!

@btherl: brilliant. thank you. i suspected it would be something along those lines, but i wanted to be sure. this headcold is making me stupid... thank you so much. WR!

hello! in my header.php file i have the following line of code: <link rel="stylesheet" href="<?php echo $pageCSS; ?>"> in the document proper, i have the following at the top of the page: <?php $pageCSS="_css/compare.css"; ?> this works as expected and it's clean and neat. what i want to know is how i can adapt this to pass MULTIPLE JavaScript files through it. would it be best to pass an array of files and then step through the array? would be nice to be able to pass a simple comma-delimited list. any help would be appreciated. WR!

good to know. i thought the quotes were implied with the strings. thank you so much. WR!

okay. first, thanks for your replies. what i'm understanding is you're saying i should do this: $query .= "VALUE " . $firstName . ", " . $lastName . ", " . $whathappen ...and so on.... is that right? i purposely used double quotes and enclosed the variables with curly braces so it would parse the variable inline... why wouldn't that work? and i already escaped the vars, but thanks for the helpful reinforcer! WR!

why is this error generated from the subsequent code? all values are $_POST retrieved strings dumped into a varchar table column. i checked all variable names, &c. $connexion = mysql_connect(HOST, LOGIN, PASS); if (!$connexion) { die('database connexion failed: ' . mysql_error()); } $dbselexion = mysql_select_db('someDB'); if (!$dbselexion) { die('database selexion failed: ' . mysql_error()); } $query = "INSERT INTO someTable "; $query .= "(first_name, last_name, when_happened, how_long, how_many, "; $query .= "description, did_what, was_spotted, other, email) "; $query .= "VALUES ({$firstName}, {$lastName}, {$whenhappen}, {$howlong}, {$howmany}, "; $query .= "{$desc}, {$didwhat}, {$wasseen}, {$other}, {$email})"; $result = mysql_query($query); if (!$result) { die('database query failed: ' . mysql_error()); } if you need more information, let me know. TIA! WR!

i'd qualify your submission with a hidden hash check. set a $_SESSION['checkValid'] variable earliy in your process that you pass along. then check that it is passed along when success.php gets called and then pass that same variable through some convolution, like an SHA1-256 or whatever and see if the convoluted variable result matches the stored expected result. then, even if they do post view source and have the item_id, without the correct $_SESSION['checkValid'] value...no processing takes place. even if they fake it, so it passes an 'isset' check, it will fail the convolution check. because your convolution is server-side, they won't see it, can't access it and so...fail! and your convolve formula could be something simple like an SHA1-256 then reversed. anyway. that's a 'quick-n-dirty' solution that ought to work. if you want, check the sticky What's The Point of MD5? WR!

i want to club myself like a baby seal... sorry. that was a stupid mistake. issue closed... for good this time... WR!

okay... i lied. this DOES NOT work: <?php $fileHandler = fopen("someFile.txt", 'w') or die ("could not create file"); $text = <<<END what the heck? this should work! _END; fwrite($fileHandler, $text) or die ("could not write to file"); fclose($fileHandler); echo "File 'someFile.txt' written successfully"; ?> and it should... what's wrong? WR!