Jump to content

[SOLVED] need help to creat database

mraza

By mraza
in PHP Coding Help

 Share

Recommended Posts

mraza Regular Member

mraza

Posted
Posted

Hello Team, please guys i am stuck from three days with paypal issue for IPN but no luck yet now i wants to do other method. i have used this form to send info to paypal and everything is working ok now what i wants is before i send this form to paypal it will be included to my database, i am not much familiar with it how to do that, here is the code for my checkout page:

<h2>Checkout</h2>

<?php 
  if($_SESSION['cart'])
{
?>
<form action="index.php?view=update_cart" method="post">

<table id="items">
  <thead>
  <tr>
	  <th>Item</th>
		<th>Price</th>
		<th>Qty</th>
		<th>Subtotal</th>
	 </tr>
 </thead>
   <tbody>
   <?php foreach($_SESSION['cart'] as $id => $qty): 
        $product = find_product($id);
    ?>
   <tr>
      <td><?php echo $product['title']; ?></td>
		<td>£<?php echo number_format($product['price'],2); ?></td>
	  <td><input type="text" size="2" name="<?php echo $id ?>" maxlength="2" value="<?php echo $qty; ?>" /></td>
		<td>£<?php echo number_format($product['price'] * $qty, 2); ?></td>
	</tr>
	<?php endforeach; ?>
	</tbody>
</table>	

 <p style="margin-left:235px"><input type="submit" name="update" value="update" /></p>

</form>

<center><h3>Please Enter Your Detail</h3></center>
<table id="userdetail">
<tr><td align="right">First Name:</td><td><input type="text" name="firstname" /></td></tr>
<tr><td align="right">Last Name:</td><td><input type="text" name="lastname" /></td></tr>
<tr><td align="right">Email:</td><td><input type="text" name="email" /></td></tr>
<tr><td align="right">Address:</td><td><textarea name="address"cols="30" rows="5"></textarea></td></tr>
<tr><td align="right">Telephone No:</td><td><input type="text" name="phone" /></td></tr>
</table>
<center><h3>Your Payment Description</h3></center>
<p><b>Subtotal:</b> £<?php echo number_format($_SESSION['total_price'],2); ?></p>
<p><b>Shipping:</b> £ 2.50</p>
<p><b>Grand Total:</b> £<?php echo number_format($_SESSION['total_price']+$shipping,2); ?></p>

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="[email protected]">

<?php 
  $i = 1;
  foreach($_SESSION['cart'] as $id => $qty): 
  $product = find_product($id);
?>

<input type="hidden" name="item_name_<?php echo $i; ?>" value="<?php echo $product['title']; ?>">
<input type="hidden" name="item_number_<?php echo $i; ?>" value="<?php echo $product['id']; ?>">
<input type="hidden" name="amount_<?php echo $i; ?>" value="<?php echo $product['price']; ?>">
<input type="hidden" name="quantity_<?php echo $i; ?>" value="<?php echo $qty; ?>">

<?php 
  $i++;
  endforeach; 
?>
<input type="hidden" name="currency_code" value="GBP">
<input type="hidden" name="lc" value="GB">
<input type="hidden" name="rm" value="2"> 
<input type="hidden" name="shipping_1" value="2.50">
<input type="hidden" name="return" value="http://www.mysite.com/includes/index.php?view=thankyou">
<input type="hidden" name="cancel_return" value="http://www.mysite.com/">
<input type="hidden" name="notify_url" value="http://www.mysite.com/includes/paypal.php">
<input type="submit" name="pay now" value="pay" />
</form>
<?php 
}
else
{
	 echo '<p>your cart is empty... <a href="index.php">continue shopping</a></p>';
}
?>

 

this all i wants to add in my datbase.... Please Please Please help me as soon as possible.

Link to comment
https://forums.phpfreaks.com/topic/177653-solved-need-help-to-creat-database/
Share on other sites
johnsmith153 Advanced Member

johnsmith153

Posted
Posted

So my understanding is that your current code submits information to payPal.

 

You want to continue to do this, but also create a record in your own database.

 

If this is correct, I suggest:

 

1. Submit the form to your own php script (not payPal), perform all relevant checks etc.

 

2. Add to your db.

 

3. Then send details to the payPal script using cURL.

johnsmith153 Advanced Member

johnsmith153

Posted
Posted

I can give you the best I can in 5 minutes or so, but this would take a bit of time to post a full script - and I don't have that time, sorry.

 

You need to be posting values to your own file, so instead of:

https://www.sandbox.paypal.com/cgi-bin/webscr

...it would go to:

https://www.yoursite.com/youfile.php

 

Then in yourfile.php you would receive all the variables in the first form: (variables such as firstname, lastname etc.)

 

Then you would do two things:

 

(1) check them etc. and insert into a database (look into mysql)

 

(2) send them out using cURL so the payPal script receives them exactly as it would have done if a human had posted the form. The syntax for this would be something like:

 

$URL="www.sandbox.paypal.com/cgi-bin/webscr";//send to same place
$ch = curl_init();    
curl_setopt($ch, CURLOPT_URL,"https://$URL");  
curl_setopt($ch, CURLOPT_POST, 1); 
//see list of variables below
curl_setopt($ch, CURLOPT_POSTFIELDS, "firstname=dave&lastname=brown&var2=hello");curl_exec ($ch);   
curl_close ($ch);

 

If you have average php or better you will now be able to do this easily. If your php is less than average you will need even more help I am afraid.

zq29 Advanced Member

zq29

Posted
Posted

i am a beginner but anyways thanks for your help wish anyone could give me a code for this... i am trying to do but everytime something is messing here...

 

Why not post up what you have done, with an explanation of what it is doing, and what it should be doing. We can then point you in the right direction, rather than doing it for you.

mraza Regular Member

mraza

Posted
  • Author
Posted

sorry sir but here is what i tried to do , i know i am noob :-\  ::):( help

<h2>Checkout</h2>

<?php 
  if($_SESSION['cart'])
   {
      //connect to database 
   	db_connect();
if(isset($_POST['submit'])){

	$firstname = $_POST['firstname'];
	$lastname = $_POST['lastname'];
	$email = $_POST['email'];
	$address = $_POST['address'];
	$phone = $_POST['phone'];
	$product = $product['title'];
	$price = $product['price'];
	$amount = $product['price'] * $qty;

	$result = mysql_query("INSERT INTO purchase (firstname, lastname, email, address, phone, product, price, amount, created_at) VALUES 
							($firstname, $lastname, $email, $address, $phone, $product, $price, $amount, now())")or die(mysql_error());

	 header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr');
	}
?>
<form action="index.php?view=update_cart" method="post">

<table id="items">
  <thead>
     <tr>
        <th>Item</th>
         <th>Price</th>
         <th>Qty</th>
         <th>Subtotal</th>
       </tr>
    </thead>
   <tbody>
      <?php foreach($_SESSION['cart'] as $id => $qty): 
           $product = find_product($id);
       ?>
      <tr>
      <td><?php echo $product['title']; ?></td>
         <td>£<?php echo number_format($product['price'],2); ?></td>
        <td><input type="text" size="2" name="<?php echo $id ?>" maxlength="2" value="<?php echo $qty; ?>" /></td>
         <td>£<?php echo number_format($product['price'] * $qty, 2); ?></td>
      </tr>
      <?php endforeach; ?>
      </tbody>
   </table>   
   
    <p style="margin-left:235px"><input type="submit" name="update" value="update" /></p>
   
   </form>

   <center><h3>Please Enter Your Detail</h3></center>
   <table id="userdetail">
   <tr><td align="right">First Name:</td><td><input type="text" name="firstname" /></td></tr>
   <tr><td align="right">Last Name:</td><td><input type="text" name="lastname" /></td></tr>
   <tr><td align="right">Email:</td><td><input type="text" name="email" /></td></tr>
   <tr><td align="right">Address:</td><td><textarea name="address"cols="30" rows="5"></textarea></td></tr>
   <tr><td align="right">Telephone No:</td><td><input type="text" name="phone" /></td></tr>
   </table>
   <center><h3>Your Payment Description</h3></center>
   <p><b>Subtotal:</b> £<?php echo number_format($_SESSION['total_price'],2); ?></p>
   <p><b>Shipping:</b> £ 2.50</p>
   <p><b>Grand Total:</b> £<?php echo number_format($_SESSION['total_price']+$shipping,2); ?></p>

   <form action="index.php" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="[email protected]">

<?php 
  $i = 1;
  foreach($_SESSION['cart'] as $id => $qty): 
  $product = find_product($id);
?>

<input type="hidden" name="item_name_<?php echo $i; ?>" value="<?php echo $product['title']; ?>">
<input type="hidden" name="item_number_<?php echo $i; ?>" value="<?php echo $product['id']; ?>">
<input type="hidden" name="amount_<?php echo $i; ?>" value="<?php echo $product['price']; ?>">
<input type="hidden" name="quantity_<?php echo $i; ?>" value="<?php echo $qty; ?>">

<?php 
  $i++;
  endforeach; 
?>
<input type="hidden" name="currency_code" value="GBP">
<input type="hidden" name="lc" value="GB">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="shipping_1" value="2.50">
<input type="hidden" name="return" value="http://www.mysite.com/includes/index.php?view=thankyou">
<input type="hidden" name="cancel_return" value="http://www.mysite.com/">
<input type="hidden" name="notify_url" value="http://www.mysite.com/includes/paypal.php">
<input type="submit" name="pay now" value="pay" />
</form>
<?php 
   }
   else
   {
       echo '<p>your cart is empty... <a href="index.php">continue shopping</a></p>';
   }
?>

yettti Newbie

yettti

Posted
Posted

Your script is not protected against SQL injection...

 

your inputs are not sanitized which means that your SQL query could be manipulated...

 

you probably want to look up "mysql_real_escape_string"

 

at the moment your query  could be altered... have a look at this.

INSERT INTO purchase (firstname, lastname, email, address, phone, product, price, amount, created_at) VALUES 
							($firstname, $lastname, $email, $address, $phone, $product, $price, $amount, now())

 

say the user changed the value of $amount

 

for example

$amount = "blah ) ; DROP TABLES...

... we all know what drop tables could do :(

 

your going to want to change your query so that the input is surrounded by '

example :  

('$firstname', '$lastname', '$email', '$address'

 

and then run your vars through mysql_real_escape_string

 

example:

$firstname = mysql_real_escape_string($firstname);

 

Sorry to have gone abit off topic but this is really important, without doing these types of validation you open your site up to a very dangerous exploit that can lead to a complete nightmare

 

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.