mraza Posted October 14, 2009 Share Posted October 14, 2009 Hello Team, please guys i am stuck from three days with paypal issue for IPN but no luck yet now i wants to do other method. i have used this form to send info to paypal and everything is working ok now what i wants is before i send this form to paypal it will be included to my database, i am not much familiar with it how to do that, here is the code for my checkout page: <h2>Checkout</h2> <?php if($_SESSION['cart']) { ?> <form action="index.php?view=update_cart" method="post"> <table id="items"> <thead> <tr> <th>Item</th> <th>Price</th> <th>Qty</th> <th>Subtotal</th> </tr> </thead> <tbody> <?php foreach($_SESSION['cart'] as $id => $qty): $product = find_product($id); ?> <tr> <td><?php echo $product['title']; ?></td> <td>£<?php echo number_format($product['price'],2); ?></td> <td><input type="text" size="2" name="<?php echo $id ?>" maxlength="2" value="<?php echo $qty; ?>" /></td> <td>£<?php echo number_format($product['price'] * $qty, 2); ?></td> </tr> <?php endforeach; ?> </tbody> </table> <p style="margin-left:235px"><input type="submit" name="update" value="update" /></p> </form> <center><h3>Please Enter Your Detail</h3></center> <table id="userdetail"> <tr><td align="right">First Name:</td><td><input type="text" name="firstname" /></td></tr> <tr><td align="right">Last Name:</td><td><input type="text" name="lastname" /></td></tr> <tr><td align="right">Email:</td><td><input type="text" name="email" /></td></tr> <tr><td align="right">Address:</td><td><textarea name="address"cols="30" rows="5"></textarea></td></tr> <tr><td align="right">Telephone No:</td><td><input type="text" name="phone" /></td></tr> </table> <center><h3>Your Payment Description</h3></center> <p><b>Subtotal:</b> £<?php echo number_format($_SESSION['total_price'],2); ?></p> <p><b>Shipping:</b> £ 2.50</p> <p><b>Grand Total:</b> £<?php echo number_format($_SESSION['total_price']+$shipping,2); ?></p> <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_cart"> <input type="hidden" name="upload" value="1"> <input type="hidden" name="business" value="myemail_12551_biz@hotmail.com"> <?php $i = 1; foreach($_SESSION['cart'] as $id => $qty): $product = find_product($id); ?> <input type="hidden" name="item_name_<?php echo $i; ?>" value="<?php echo $product['title']; ?>"> <input type="hidden" name="item_number_<?php echo $i; ?>" value="<?php echo $product['id']; ?>"> <input type="hidden" name="amount_<?php echo $i; ?>" value="<?php echo $product['price']; ?>"> <input type="hidden" name="quantity_<?php echo $i; ?>" value="<?php echo $qty; ?>"> <?php $i++; endforeach; ?> <input type="hidden" name="currency_code" value="GBP"> <input type="hidden" name="lc" value="GB"> <input type="hidden" name="rm" value="2"> <input type="hidden" name="shipping_1" value="2.50"> <input type="hidden" name="return" value="http://www.mysite.com/includes/index.php?view=thankyou"> <input type="hidden" name="cancel_return" value="http://www.mysite.com/"> <input type="hidden" name="notify_url" value="http://www.mysite.com/includes/paypal.php"> <input type="submit" name="pay now" value="pay" /> </form> <?php } else { echo '<p>your cart is empty... <a href="index.php">continue shopping</a></p>'; } ?> this all i wants to add in my datbase.... Please Please Please help me as soon as possible. Quote Link to comment Share on other sites More sharing options...
johnsmith153 Posted October 14, 2009 Share Posted October 14, 2009 So my understanding is that your current code submits information to payPal. You want to continue to do this, but also create a record in your own database. If this is correct, I suggest: 1. Submit the form to your own php script (not payPal), perform all relevant checks etc. 2. Add to your db. 3. Then send details to the payPal script using cURL. Quote Link to comment Share on other sites More sharing options...
mraza Posted October 14, 2009 Author Share Posted October 14, 2009 Yes that is what i want but i am not so familiar please please can you give a sample code to do this please i really appericiate. Best wishes Quote Link to comment Share on other sites More sharing options...
johnsmith153 Posted October 14, 2009 Share Posted October 14, 2009 I can give you the best I can in 5 minutes or so, but this would take a bit of time to post a full script - and I don't have that time, sorry. You need to be posting values to your own file, so instead of: https://www.sandbox.paypal.com/cgi-bin/webscr ...it would go to: https://www.yoursite.com/youfile.php Then in yourfile.php you would receive all the variables in the first form: (variables such as firstname, lastname etc.) Then you would do two things: (1) check them etc. and insert into a database (look into mysql) (2) send them out using cURL so the payPal script receives them exactly as it would have done if a human had posted the form. The syntax for this would be something like: $URL="www.sandbox.paypal.com/cgi-bin/webscr";//send to same place $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,"https://$URL"); curl_setopt($ch, CURLOPT_POST, 1); //see list of variables below curl_setopt($ch, CURLOPT_POSTFIELDS, "firstname=dave&lastname=brown&var2=hello");curl_exec ($ch); curl_close ($ch); If you have average php or better you will now be able to do this easily. If your php is less than average you will need even more help I am afraid. Quote Link to comment Share on other sites More sharing options...
mraza Posted October 14, 2009 Author Share Posted October 14, 2009 i am a beginner but anyways thanks for your help wish anyone could give me a code for this... i am trying to do but everytime something is messing here... Quote Link to comment Share on other sites More sharing options...
zq29 Posted October 14, 2009 Share Posted October 14, 2009 i am a beginner but anyways thanks for your help wish anyone could give me a code for this... i am trying to do but everytime something is messing here... Why not post up what you have done, with an explanation of what it is doing, and what it should be doing. We can then point you in the right direction, rather than doing it for you. Quote Link to comment Share on other sites More sharing options...
mraza Posted October 14, 2009 Author Share Posted October 14, 2009 sorry sir but here is what i tried to do , i know i am noob :-\ help <h2>Checkout</h2> <?php if($_SESSION['cart']) { //connect to database db_connect(); if(isset($_POST['submit'])){ $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $email = $_POST['email']; $address = $_POST['address']; $phone = $_POST['phone']; $product = $product['title']; $price = $product['price']; $amount = $product['price'] * $qty; $result = mysql_query("INSERT INTO purchase (firstname, lastname, email, address, phone, product, price, amount, created_at) VALUES ($firstname, $lastname, $email, $address, $phone, $product, $price, $amount, now())")or die(mysql_error()); header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr'); } ?> <form action="index.php?view=update_cart" method="post"> <table id="items"> <thead> <tr> <th>Item</th> <th>Price</th> <th>Qty</th> <th>Subtotal</th> </tr> </thead> <tbody> <?php foreach($_SESSION['cart'] as $id => $qty): $product = find_product($id); ?> <tr> <td><?php echo $product['title']; ?></td> <td>£<?php echo number_format($product['price'],2); ?></td> <td><input type="text" size="2" name="<?php echo $id ?>" maxlength="2" value="<?php echo $qty; ?>" /></td> <td>£<?php echo number_format($product['price'] * $qty, 2); ?></td> </tr> <?php endforeach; ?> </tbody> </table> <p style="margin-left:235px"><input type="submit" name="update" value="update" /></p> </form> <center><h3>Please Enter Your Detail</h3></center> <table id="userdetail"> <tr><td align="right">First Name:</td><td><input type="text" name="firstname" /></td></tr> <tr><td align="right">Last Name:</td><td><input type="text" name="lastname" /></td></tr> <tr><td align="right">Email:</td><td><input type="text" name="email" /></td></tr> <tr><td align="right">Address:</td><td><textarea name="address"cols="30" rows="5"></textarea></td></tr> <tr><td align="right">Telephone No:</td><td><input type="text" name="phone" /></td></tr> </table> <center><h3>Your Payment Description</h3></center> <p><b>Subtotal:</b> £<?php echo number_format($_SESSION['total_price'],2); ?></p> <p><b>Shipping:</b> £ 2.50</p> <p><b>Grand Total:</b> £<?php echo number_format($_SESSION['total_price']+$shipping,2); ?></p> <form action="index.php" method="post"> <input type="hidden" name="cmd" value="_cart"> <input type="hidden" name="upload" value="1"> <input type="hidden" name="business" value="myemail_12551_biz@hotmail.com"> <?php $i = 1; foreach($_SESSION['cart'] as $id => $qty): $product = find_product($id); ?> <input type="hidden" name="item_name_<?php echo $i; ?>" value="<?php echo $product['title']; ?>"> <input type="hidden" name="item_number_<?php echo $i; ?>" value="<?php echo $product['id']; ?>"> <input type="hidden" name="amount_<?php echo $i; ?>" value="<?php echo $product['price']; ?>"> <input type="hidden" name="quantity_<?php echo $i; ?>" value="<?php echo $qty; ?>"> <?php $i++; endforeach; ?> <input type="hidden" name="currency_code" value="GBP"> <input type="hidden" name="lc" value="GB"> <input type="hidden" name="rm" value="2"> <input type="hidden" name="shipping_1" value="2.50"> <input type="hidden" name="return" value="http://www.mysite.com/includes/index.php?view=thankyou"> <input type="hidden" name="cancel_return" value="http://www.mysite.com/"> <input type="hidden" name="notify_url" value="http://www.mysite.com/includes/paypal.php"> <input type="submit" name="pay now" value="pay" /> </form> <?php } else { echo '<p>your cart is empty... <a href="index.php">continue shopping</a></p>'; } ?> Quote Link to comment Share on other sites More sharing options...
yettti Posted October 14, 2009 Share Posted October 14, 2009 Your script is not protected against SQL injection... your inputs are not sanitized which means that your SQL query could be manipulated... you probably want to look up "mysql_real_escape_string" at the moment your query could be altered... have a look at this. INSERT INTO purchase (firstname, lastname, email, address, phone, product, price, amount, created_at) VALUES ($firstname, $lastname, $email, $address, $phone, $product, $price, $amount, now()) say the user changed the value of $amount for example $amount = "blah ) ; DROP TABLES... ... we all know what drop tables could do your going to want to change your query so that the input is surrounded by ' example : ('$firstname', '$lastname', '$email', '$address' and then run your vars through mysql_real_escape_string example: $firstname = mysql_real_escape_string($firstname); Sorry to have gone abit off topic but this is really important, without doing these types of validation you open your site up to a very dangerous exploit that can lead to a complete nightmare Quote Link to comment Share on other sites More sharing options...
mraza Posted October 14, 2009 Author Share Posted October 14, 2009 thank you yettti i got it... Quote Link to comment Share on other sites More sharing options...
johnsmith153 Posted October 14, 2009 Share Posted October 14, 2009 Just doing: header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr'); ...won't work in terms of payPal - payPal will just receive blank values. You must POST values to the script, and cURL is really the only way to do it. Quote Link to comment Share on other sites More sharing options...
mraza Posted October 16, 2009 Author Share Posted October 16, 2009 Thanks for the help guys all done.... i used cURL method.. took me three days to understand but finally got it working... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.