  1. #1
    SitePoint Enthusiast
    Join Date
    Sep 2012
    Location
    BD
    Posts
    48

    PayPal payment successful but no data inserted in my database. Help me please

    Hello,
    I am facing a problem with the PayPal payment system. I created a system where users can upload funds by PayPal. After a successful payment my website database should load with that data, but it's not happening. When a user's payment is successful there is no data in my database. I am providing you all the code. Please help me with that. Thank you in advance.

    HTML CODE IS :

    Code:
                    <form action='https://www.paypal.com/cgi-bin/webscr' method='post'  name="form" id="form">
                        <input type='hidden' name='business' value='seshies@gmail.com'>
                        <input type='hidden' name='cmd' value='_xclick'>
    
                        <input type='hidden' name='item_name' value='Recharge For My Unlock Factory Account'>
    					<tr>
    					<th>Valid E-Mail * : </th>
    					<td><input type="text" name='item_number' class="textfield"/></td>
    					</tr>
    
    					<tr>
    					<th>Amount * : </th>
    					<td><input type="text" name="amount" class="textfield"/></td>
    					</tr>
    
                        <input type='hidden' name='no_shipping' value='1'>
                        <input type='hidden' name='currency_code' value='USD'>
                        <input type='hidden' name='handling' value='0'>
                        <input type='hidden' name='cancel_return' value='http://http://www.unlockphones.org/payment-cancel'>
                        <input type='hidden' name='return' value='http://http://www.unlockphones.org/payment-success'>
    
    
        <tr>
          <td>&nbsp;</td>
          <td>         <input type="submit" style="margin-top:0px;" name="Submit" value="Buy Through Paypal" class="tsc_buttons2 red"/></td>
        </tr>
    </form>
    PHP CODE IS :

    PHP Code:
    //if user id and username not !=
    $u_email = $_GET['item_number'];
    $uid = $_SESSION['SESS_MEMBER_ID'];
    $username = $_SESSION['user'];
    $item_transaction = $_GET['tx'];
    $amount = $_GET['amt'];
    $status = "Paid";
    //select user and update money
    $result = mysql_query("SELECT * FROM users WHERE uid='$uid'");
    while ($row = mysql_fetch_array($result)) {
        $money = $row["antu_money"];

        mysql_query("UPDATE users SET antu_money=$money + $amount WHERE uid='$uid'");
    }
    //insert data into table because payment successful
    $result = mysql_query("INSERT INTO antu_recharge(antu_email, antu_uid, antu_uname, antu_date, antu_trid, antu_amnt, antu_status) VALUES('$u_email', '$uid','$username', NOW(), '$item_transaction','$amount','$status')");

    echo '<div id="login_content">';
    echo '<div id="error_req">';
    echo "<h1>Welcome, $username</h1>";
    echo '<h1>Payment Successful</h1>';
    echo "<meta http-equiv='refresh' content='5;url=recharge-history'>";
    echo '</div>';
    echo '</div>';

    }

    ?>

  2. #2
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Location
    Poole, Dorset, United Kingdom
    Posts
    72
    Hi, are you using PayPal IPN to let PayPal talk to your server and update your database? If you're not, let me know and I'll let you have the code.

  3. #3
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    I presume your 'success' page is named 'index.php'

    Your return address and 'cancel-return' have a typo:

    <input type='hidden' name='return' value='http://http://www.unlockphones.org/payment-success'>

  4. #4
    SitePoint Enthusiast
    Join Date
    Sep 2012
    Location
    BD
    Posts
    48
    I am not using PayPal IPN. Please let me know the details and please give me the code. I am new to the PayPal payment system. @steve thank you

  5. #5
    SitePoint Enthusiast
    Join Date
    Sep 2012
    Location
    BD
    Posts
    48
    mouse, thanks, that's really helpful for me. My site is not now on that link. Thanks a lot. @mouse

  6. #6
    From Italy with love
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,394
    Code:
                        <input type='hidden' name='cancel_return' value='http://http://www.unlockphones.org/payment-cancel'>
                        <input type='hidden' name='return' value='http://http://www.unlockphones.org/payment-success'>
    There is an error in these two URLs.
    I don't know about PayPal, but if I put those links in my browser, I get an http.com page with ads.

    There are also a couple of things that I don't like in your code:
    1) you should use mysqli or PDO instead of mysql_ to do your DB stuff, because mysql_ is deprecated: http://www.php.net/manual/en/intro.mysql.php
    2) you don't do any validation and sanitizing of the $_GET data? That leaves you vulnerable to injection attacks. I'm sure there's a way to be sure the script is being called by PayPal, and not simply by someone that put the link to the script in his browser, adding the GET data by hand?
    3) uid is unique? Then there's no need to loop through the query result set. One fetch is enough.
    4) After the loop you always do the insert. You don't check if you actually found a row in the users table.


    Edit: It took me a bit too long to write this, others have beaten me to it
    Last edited by guido2004; Feb 1, 2013 at 02:24. Reason: I'm too slow ;-)

  7. #7
    SitePoint Enthusiast
    Join Date
    Sep 2012
    Location
    BD
    Posts
    48
    Will you tell me the details for validation and sanitizing of the $_GET data? I am new to the PayPal payment system. Or please give me secure code. @guido

  8. #8
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Quote: Originally posted by anturj
    Will you tell me the details for validation and sanitizing of the $_GET data? I am new to the PayPal payment system. Or please give me secure code. @guido
    Hi,

    You can use htmlentities($_GET); to remove malicious entities. If, as @Guido mentions, you switch to PDO or MySQLi, you can use bound queries to protect against SQL injection.

  9. #9
    SitePoint Enthusiast
    Join Date
    Sep 2012
    Location
    BD
    Posts
    48
    Hello server, will you please give me an example with my code? It will be easy for me.
    Thank you.

  10. #10
    SitePoint Enthusiast
    Join Date
    Sep 2012
    Location
    BD
    Posts
    48
    It's also not working. Please tell me the details about this problem. I am in trouble...
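
Added example, not part of the thread or any poster's code: the crediting step rewritten along the lines raised in posts #6 and #8 (validated input, bound PDO queries, one UPDATE instead of a fetch loop, a check that the user row exists), plus rejection of a replayed transaction id, which goes beyond what the thread mentions. Table and column names are the thread's; the function name, its parameters, the `$paypalConfirmed` flag (to be set only by a handler that has confirmed the payment with PayPal, for example via the IPN mentioned in post #2) and the UNIQUE index on antu_trid are assumptions.

```php
<?php
declare(strict_types=1);

// Credits one payment. Needs PDO::ERRMODE_EXCEPTION. Tables/columns are the thread's;
// the function, its parameters and the UNIQUE index on antu_trid are assumptions.
function creditPayment(PDO $db, int $uid, string $uname, array $in, bool $paypalConfirmed): string
{
    if (!$paypalConfirmed) {
        return 'rejected: not confirmed by PayPal';  // a browser request alone proves nothing
    }
    $email  = filter_var($in['item_number'] ?? '', FILTER_VALIDATE_EMAIL);
    $amount = filter_var($in['amt'] ?? '', FILTER_VALIDATE_FLOAT);
    $txn    = is_string($in['tx'] ?? null) ? $in['tx'] : '';
    if ($email === false || $amount === false || $amount <= 0
        || !preg_match('/^[A-Za-z0-9]{1,32}$/', $txn)) {
        return 'rejected: invalid input';
    }
    $db->beginTransaction();
    try {
        // Insert first: the UNIQUE index makes a replayed transaction id fail here.
        $db->prepare('INSERT INTO antu_recharge (antu_email, antu_uid, antu_uname, antu_date,
                      antu_trid, antu_amnt, antu_status) VALUES (?, ?, ?, ?, ?, ?, ?)')
           ->execute([$email, $uid, $uname, date('Y-m-d H:i:s'), $txn, $amount, 'Paid']);
        $upd = $db->prepare('UPDATE users SET antu_money = antu_money + ? WHERE uid = ?');
        $upd->execute([$amount, $uid]);
        if ($upd->rowCount() !== 1) {                // no such user: undo the insert
            $db->rollBack();
            return 'rejected: unknown user';
        }
        $db->commit();
        return 'credited';
    } catch (PDOException $e) {
        $db->rollBack();
        return 'rejected: duplicate or failed transaction';
    }
}

// Constructed demo on in-memory SQLite (the thread's site uses MySQL); all values are made up.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, antu_money REAL)');
$db->exec('CREATE TABLE antu_recharge (antu_email TEXT, antu_uid INTEGER, antu_uname TEXT,
           antu_date TEXT, antu_trid TEXT UNIQUE, antu_amnt REAL, antu_status TEXT)');
$db->exec('INSERT INTO users VALUES (7, 10.0)');
$ok  = ['item_number' => 'buyer@example.com', 'amt' => '5.00', 'tx' => 'TXN0001'];
$bad = ['item_number' => 'buyer@example.com', 'amt' => "5' OR '1'='1", 'tx' => 'TXN0002'];
foreach ([[$ok, true], [$ok, true], [$bad, true], [$ok, false]] as [$in, $confirmed]) {
    echo creditPayment($db, 7, 'demo', $in, $confirmed), PHP_EOL;
}
```

The amount and transaction id passed in should be the ones PayPal itself reported for the confirmed payment, not values taken from the return URL.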

