我正在尝试找出在客户使用 paypal 为商品付款后将数据(以前以表格形式提交)保存到数据库的最佳方法。沿着这个过程的一些东西:
1)在实际网站上填写表格 --> 2)登录Paypal --> 3)立即付款(PayPal) --> 4)数据插入数据库 --> 5)返回起点?
我已经弄清楚如何执行步骤 1 到 3 和 5,但是在执行步骤 4 时需要一些帮助。据我所知,我需要以某种方式存储数据,然后保存或丢弃存储的数据按要求。最好的方法是什么?
表格
<form action="" method="post" target="" id="bookstay">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="unitprice" value="40" />
<input type="hidden" name="apt_name" value="Apartment1" />
<input type="hidden" name="no_note" value=""/>
<input type="hidden" name="lc" value="MT" />
<input type="hidden" name="currency_code" value="EUR" />
<input type="hidden" name="bn" value="BuyNowBF:btn_buynow_LG.gif:NonHostedGuest" />
<input type="hidden" name="apartment" value="1"/>
<input name='first_name' class="short-input" id='name' type="text" value="Name" onFocus="this.value = ''" />
<input name= 'last_name' class="short-input" id='name' type="text" value="surname" onFocus="this.value = ''" />
<input name='payer_email' class="long-input" type="text" value="Email" onFocus="this.value = ''" />
<input name='address' class="long-input" type="text" value="Address" onFocus="this.value = ''" />
<input name='mobile' class="short-input" type="text" value="mobile" onFocus="this.value = ''" />
<div class='select' id='peopletostay'>
<select name='pax' class='short-input'>
<option value='0'>people to stay</option>
<option value='1'>1</option>
<option value='2'>2</option>
<option value='3'>3</option>
<option value='4'>4</option>
</select>
</div>
<div id="dateofarrival">
date of arrival<br>
<div class='select' id='date'>
<select class="short-input day-from" name="day_from">
<option value= "01" >01</option>
...
<option value= "31" >31</option>
</select>
</div>
<div class='select' id='month'>
<select class="short-input month-from" name="month_from" size="1">
<option value="01" >January</option>
....
<option value="12" >December</option>
</select>
</div>
<div class='select' id='year'>
<select class="short-input year-from" name='year_from'>
<option value= 2015 > 2015</option>
....
<option value= 2025 > 2025</option>
</select>
</div>
</div>
<div id="dateodeparture">
date of arrival<br>
<div class='select' id='date'>
<select class="short-input day-from" name="day_to">
<option value= "01" >01</option>
...
<option value= "31" >31</option>
</select>
</div>
<div class='select' id='month'>
<select class="short-input month-from" name="month_to" size="1">
<option value="01" >January</option>
....
<option value="12" >December</option>
</select>
</div>
<div class='select' id='year'>
<select class="short-input year-from" name='year_to'>
<option value= 2015 > 2015</option>
....
<option value= 2025 > 2025</option>
</select>
</div>
</div>
<textarea name='remarks'>Extra Remarks</textarea>
<button type="submit" name="proceedtopaypal" id="proceedtopaypal">make booking (proceed to paypal)</button>
</form>
支付码
<?php
if ($_POST) {
if (isset($_POST['proceedtopaypal'])){
include 'connect.php';
$apartment = mysqli_real_escape_string($conn, $_POST['apartment']);
$unitprice = mysqli_real_escape_string($conn, $_POST['unitprice']);
$first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
$last_name = mysqli_real_escape_string($conn, $_POST['last_name']);
$payer_email = mysqli_real_escape_string($conn, $_POST['payer_email']);
$address = mysqli_real_escape_string($conn, $_POST['address']);
$apt_name = mysqli_real_escape_string($conn, $_POST['apt_name']);
$mobile = mysqli_real_escape_string($conn, $_POST['mobile']);
$pax = mysqli_real_escape_string($conn, $_POST['pax']);
$remarks = mysqli_real_escape_string($conn, $_POST['remarks']);
$day_from = mysqli_real_escape_string($conn, $_POST['day_from']);
$month_from = mysqli_real_escape_string($conn, $_POST['month_from']);
$year_from = mysqli_real_escape_string($conn, $_POST['year_from']);
$booking_from = $year_from."-".$month_from."-".$day_from;
$day_to = mysqli_real_escape_string($conn, $_POST['day_to']);
$month_to = mysqli_real_escape_string($conn, $_POST['month_to']);
$year_to = mysqli_real_escape_string($conn, $_POST['year_to']);
$booking_to = $year_to."-".$month_to."-".$day_to;
$no_of_nights = abs(strtotime($booking_to) - strtotime($booking_from));
$quantity = floor($no_of_nights / (60*60*24));
// paypal settings
$paypal_email = 'christabelbusuttil@gmail.com';
$return_url = 'http://localhost/Webdevelopment/V18/apartments.php';
$cancel_url = 'http://localhost/Webdevelopment/V18/apartments.php';
$notify_url = 'http://localhost/Webdevelopment/V18/paypal/payments.php';
$item_amount = $unitprice * $quantity;
$item_name = "Booking at ".$apt_name." from " .$booking_from ." to " .$booking_to;
$validdate = false;
$buttonpressed = false;
$checkin='<p>Check in date is invalid.</p>';
$checkout='<p>Check out date is invalid</p>';
$larger = '<p>Check in date is after check out date</p>';
$noinfo='<p>please fill in the missing information.</p>';
$booked='<p>The dates selected are already booked for this apartment</p>';
$equal = '<p>You need to spend a minimum of 1 night in these apartment</p>';
$thankyou = '<h5>Thank you</h5><p>thank you for booking an apartment with V18-apartments.</p>';
$window = '';
function IsInjected($str) {
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
if (!checkdate($month_from, $day_from, $year_from)) {
$window = $checkin;
echo $window;
$validate = true;
}
else if (!checkdate($month_to, $day_to, $year_to)) {
$window = $checkout;
$validate = true;
echo $window;
//echo "Check out date is invalid";
}
else if ($booking_from > $booking_to) {
$window = $larger;
$validate = true;
echo $window;
// echo "Check in date is after check out date";
}
else if ($booking_from == $booking_to) {
$window = $equal;
$validate = true;
echo $window;
}
// check if all info is filled in
else if (($first_name == "Name") || ($last_name == "surname") || ($payer_email == "Email") || ($mobile == "mobile") || ($address == "Address")) {
$window = $noinfo;
echo $window;
$validate = true;
// echo "Please fill in the missing information";
}
else if (IsInjected($payer_email)) {
echo "Not an email";
}
else if ($validdate == false) {
$final = true;
$sql = "SELECT COUNT(*) FROM room_nights WHERE apartmentID= '$apartment' AND dates >= '$booking_from' AND dates <= '$booking_to'";
$result = mysqli_query($conn, $sql);
$result = mysqli_query($conn, $sql);
$row=mysqli_fetch_row($result);
if ($row[0] > 0) {
$window = $booked;
echo $window;
}
else if ($final == true) {
// save to database
include 'insertdata.php'; // code below
echo $item_name;
// include functions
include ("pay_functions.php");
// Check if paypal request or response
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){
// Firstly Append paypal account to querystring
$querystring .= "?business=".urlencode($paypal_email)."&";
// Append amount& currency (£) to quersytring so it cannot be edited in html
//The item name and amount can be brought in dynamically by querying the $_POST['item_number'] variable.
$querystring .= "item_name=".urlencode($item_name)."&";
$querystring .= "amount=".urlencode($item_amount)."&";
//loop for posted values and append to querystring
foreach($_POST as $key => $value){
$value = urlencode(stripslashes($value));
$querystring .= "$key=$value&";
}
// Append paypal return addresses
$querystring .= "return=".urlencode(stripslashes($return_url))."&";
$querystring .= "cancel_return=".urlencode(stripslashes($cancel_url))."&";
$querystring .= "notify_url=".urlencode($notify_url);
// Append querystring with custom field
//$querystring .= "&custom=".USERID;
// Redirect to paypal IPN
header('location:https://www.sandbox.paypal.com/cgi-bin/webscr'.$querystring);
exit();
}
else {
// Response from paypal
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
$req .= "&$key=$value";
}
// assign posted variables to locate variables
$data['item_name'] = $_POST['item_name'];
$data['item_number'] = $_POST['item_number'];
$data['payment_status'] = $_POST['payment_statis'];
$data['payment_amount'] = $_POST['mc_gross'];
$data['payment_currency'] = $_POST['mc_currency'];
$data['txn_id'] = $_POST['txn_id'];
$data['receiver_email'] = $_POST['receiver_email'];
$data['payer_email'] = $_POST['payer_email'];
$data['custom'] = $_POST['custom'];
// post back to paypal system and validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type : application/x-www-form-urlencoded\r\n";
$header .= "Content-Lenght: " .strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
// HTTP error
} else {
mail('christabelbusuttil@gmail.com', '0', '0');
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// validate payment (check unique txnid & correct price)
$valid_txnid = check_txnid($data['txn_id']);
$valid_price = check_price($data['payment_amount'], $data['item_number']);
// Payment validated and verified
if ($valid_price && $valid_price) {
$orderid = updatePayments($data);
if ($orderid){
// payment has been made and inserted into db
} else {
echo "Error";
}
}
else if (strcmp($res, "INVALID") == 0) {
echo "Payment invalid";
}
}
fclose($fp);
}
}
}
}
}
}
}
?>
INSERTDATA.PHP
<?php
$apartment = mysqli_real_escape_string($conn, $_POST['apartment']);
$unitprice = mysqli_real_escape_string($conn, $_POST['unitprice']);
$first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
$last_name = mysqli_real_escape_string($conn, $_POST['last_name']);
$payer_email = mysqli_real_escape_string($conn, $_POST['payer_email']);
$address = mysqli_real_escape_string($conn, $_POST['address']);
$apt_name = mysqli_real_escape_string($conn, $_POST['apt_name']);
$mobile = mysqli_real_escape_string($conn, $_POST['mobile']);
$pax = mysqli_real_escape_string($conn, $_POST['pax']);
$remarks = mysqli_real_escape_string($conn, $_POST['remarks']);
$day_from = mysqli_real_escape_string($conn, $_POST['day_from']);
$month_from = mysqli_real_escape_string($conn, $_POST['month_from']);
$year_from = mysqli_real_escape_string($conn, $_POST['year_from']);
$booking_from = $year_from."-".$month_from."-".$day_from;
$day_to = mysqli_real_escape_string($conn, $_POST['day_to']);
$month_to = mysqli_real_escape_string($conn, $_POST['month_to']);
$year_to = mysqli_real_escape_string($conn, $_POST['year_to']);
$booking_to = $year_to."-".$month_to."-".$day_to;
$no_of_nights = abs(strtotime($booking_to) - strtotime($booking_from));
$quantity = floor($no_of_nights / (60*60*24));
$reason = "Booked by ".$first_name." ".$last_name." for ".$pax ." people";
function daterange($booking_from, $booking_to, $step = '+1 day', $output_format = 'Y-m-d') {
$dates = array();
$first = new DateTime($booking_from);
$last = new DateTime($booking_to);
$last = $last->modify('+ 1 day');
$interval = DateInterval::createFromDateString($step);
$period = new DatePeriod($first, $interval, $last);
foreach ($period as $date) {
$dates[] = $date->format($output_format);
}
return $dates;
}
$dates = daterange($booking_from, $booking_to);
include 'connect.php';
if (!$conn->autocommit(FALSE)) {
printf("Errormessage: %s\n", $conn->error);
}
if (!$conn->query("INSERT INTO client_details (clientID, name, email, address, mobile) VALUES ('', '$first_name $last_name', '$payer_email', '$address', '$mobile')")) {
printf("Errormessage: %s\n", $conn->error);
}
if (!$conn->query("INSERT INTO bookings (bookingID, apartmentID, clientID, date_from, date_to, nights, pax, remarks) VALUES ('', '$apartment', LAST_INSERT_ID(), '$booking_from', '$booking_to', '$days', '$pax', '$remarks')")) {
printf("Errormessage: %s\n", $conn->error);
}
foreach ($dates as $date) {
if (!$conn->query("INSERT INTO room_nights (bookingID, apartmentID, dates, reason) VALUES (LAST_INSERT_ID(), '$apartment', '$date', '$reason')")) {
printf("Errormessage: %s\n", $conn->error);
}
}
if (!$conn->commit()) {
printf("Errormessage: %s\n", $conn->error);
}
$conn->close();
?>
最佳答案
你的步骤错了
1)在实际网站上填写表格 --> 2)登录Paypal --> 3)立即付款(PayPal) --> 4)数据插入数据库 --> 5)返回起点?
原因在第 3 步之后,您将如何找到在第 1 步中填写的表格数据,当用户点击提交并离开实际网站并登录 Paypal 时,您将丢失表格数据,用户可以进行虚假 claim 他们也从您的网站购买或针对您销售的产品或服务付款。
处理Paypal时应该采取的步骤
- 填写实际网站上的发件人
- 在提交表单时验证表单数据,如果验证成功,将数据保存到数据库并将用户重定向到Paypal
- 用户登录 Paypal 并付款
- 通过 Paypal 即时付款通知 (IPN) 获取付款详情(当用户仍在 Paypal 网站上时)IPN Detail在您的情况下是
payments.php(在 IPN 中,Paypal 发布您需要在步骤 5 中更新数据库的交易详细信息、金额详细信息等,否则您将无法确定哪个用户针对哪个产品付费) - 根据Paypal即时支付通知(支付成功、支付失败、支付待处理)更新数据库中的数据
- 使用返回 URL Return URL Detail 将用户重定向回实际网站
return.php - 在实际网站上的返回 URL 上显示付款详细信息和其他详细信息。
旁注:第 7 步,在此步骤中,您可以提供一个唯一的引用号(仅在成功付款后生成)并将该引用号提供给从您的网站购买的用户,否则您最终可能会与声称的用户打交道他们为任何产品付款。
(在与 Paypal 打交道时,请记住,paypal 始终更喜欢消费者而不是商家,因此您必须小心,否则如果欺诈投诉过多,他们会卡住您的帐户)
就您的代码而言,只需使用 mysqli_real_escape_string 转义表单值,例如 mysqli_real_escape_string($_POST['apartment']);,无需使用 PDO已经在使用 MySQLi 转义字符串并在服务器端验证表单输入足以避免 SQL 注入(inject)漏洞
关于php - 付款成功后保存到数据库(paypal),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32421096/