PHP Help

[bradymills]

Hi,

 

It's been a while since I've been here -- Hope you are all well!

 

So, here's my question -- hopefully someone can help -- as I've been at this for hours and hours (days even).

 

Long story short, I'm updating inventory post-payment using Instant Payment Notification from Paypal. IPN is working, as I've set up an email script to confirm that IPN is hitting my .php file. Unfortunately, my database is not updating...

 

I have a feeling it's because of my use of the for loop. IPN sends back data from shopping cart as: item_number1=x, item_number2=x and of course this all depends on the num_cart_items. So, I thought a for loop would work best for inserting this information into the database -- but this could be really wacky code -- and I'm hoping someone can help.

 

Here's the code (all variables are being sent back through POST from Paypal):

<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
//


$num_cart_items = $_POST['num_cart_items'];
require_once ('mysql_connect.php');

for ($x=1; $x <= $num_cart_items; $x++ ) 
{ 
$txn_id = $_POST['txn_id'];
$item_number = $_POST['item_number' . $x .''];
$quantity = $_POST['quantity' . $x . ''];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payer_email = $_POST['payer_email'];


$query = "INSERT INTO inventory (txn_id, item_number, quantity, first_name, last_name, payer_email, order_date) VALUES ('$txn_id', '$item_number', '$quantity', '$first_name', '$last_name', '$payer_email', NOW())";
$result = @mysql_query ($query); //Run the query.
} 

$body = 'IPN HIT';
mail('[email protected]', "IPN HIT - POST", $body);
?>

 

Please tell me if I'm a complete idiot.

 

[bradymills]

well, i did notice one problem. my table column first_name was misspelled in mysql. I have corrected that and I'm awaiting a response from IPN to see if that corrected the issue.

 

Thanks

[laffin]

Please tell me if I'm a complete idiot.

 

Actually it looks good

item_number = $_POST['item_number' . $x .''];
$quantity = $_POST['quantity' . $x . ''];

 

I wudda opted for

item_number = $_POST["item_number$x"];
$quantity = $_POST["quantity$x"];

 

same result

 

to save some queries, ya can move the mysql_query outside the loop, and append the query string in the loop

$query .= "INSERT INTO inventory (txn_id, item_number, quantity, first_name, last_name, payer_email, order_date) VALUES ('$txn_id', '$item_number', '$quantity', '$first_name', '$last_name', '$payer_email', NOW());\n";

 

 

Nice job nonetheless

 

[laffin]

Oh, u shud santize the string values, as mysql may choke on those as well.

 

mysql_real_escape on these fields, $first_name = $_POST['first_name'];

$last_name = $_POST['last_name'];

$payer_email = $_POST['payer_email'];

 

[bradymills]

First, thank you for your answers.

 

So I should move this section

$result = @mysql_query ($query); //Run the query.

after the }, correct?

 

so I would end up with

 

$query = blah, blah, blah;

$query = blah, blah, blah;

$query = blah, blah, blah;

etc...

 

$result = blah, blah, blah

 

?

[bradymills]

and $var = mysql_real_escape($_POST['x']);

 

right?

[Stooney]

and $var = mysql_real_escape($_POST['x']);

 

right?

 

$var=mysql_real_escape_string($_POST['x']);

[laffin]

Thanks chris, Yep that's correct

 

[bradymills]

Thanks to you guys -- and some investigation of my database setup -- It is all working now. If anyone else would like to use this script to process information from IPN, feel free. You, of course, will have to update the variables you want to pull from your IPN response.

 

THANKS!!!! I love this forum.