How to create a PayPal button with overwritable variables

Solution 1

The reason you can't override the amount dynamically, is because you have a so-called 'PayPal hosted button'.
With a hosted button, the amount is stored on PayPal's side and can't be overwritten with the 'amount' variable. You'll either want to use a non-hosted button, or use the BMUpdateButton API call to dynamically update the button's amount.
To use a non-hosted button, simply find 'Step 2' in the button creation tool and untick 'Host button with PayPal'.

Option 2: Still use the hosted button, and use the BMUpdateButton API to update the amount. An example request for BMUpdateButton would look as follows:

METHOD=BMUpdateButton
USER=Your API username
PWD=Your API password
SIGNATURE=Your API signature
VERSION=82.0
HOSTEDBUTTONID=The value of <input type="hidden" name="hosted_button_id" value="">
BUTTONTYPE=The type of button. E.g. BUYNOW
BUTTONCODE=The type of code you want to get back. E.g. HOSTED
L_BUTTONVAR0=amount=The new amount with a period as separator
L_BUTTONVAR1=item_name=Optional: a new item name if you wish

Similarly, you could also use the BMCreateButton API to create a new button, or use the BMButtonSearch API to search through a list of all your stored hosted buttons (to find the hosted_button_id of your button automatically, for example).

The reason to use a hosted button is because it's more secure. A non-hosted, unencrypted button would basically leave the amounts open to manipulation. Fraudulent transactions waiting to happen.
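
Added example (not from the answer or from PayPal): building the BMUpdateButton request body on the server from a user-typed amount, so the value is validated and normalized before it is stored on the hosted button. The function names, limits, and placeholder credentials are assumptions.

```php
<?php
// Added example: names and limits are assumptions, not from the page.
const MIN_AMOUNT_CENTS = 500;     // hypothetical site minimum (5.00 EUR)
const MAX_AMOUNT_CENTS = 500000;  // hypothetical upper bound

/**
 * Parse a user-supplied amount ("12,50", "12.5 €") into integer cents.
 * Rejects anything that is not a plain decimal with at most two places.
 */
function parseAmountCents(string $raw): int
{
    $s = str_replace(',', '.', trim(str_replace('€', '', $raw)));
    if (!preg_match('/^\d{1,7}(\.\d{1,2})?$/D', $s)) {
        throw new InvalidArgumentException('invalid amount');
    }
    [$whole, $frac] = array_pad(explode('.', $s), 2, '');
    $cents = (int)$whole * 100 + (int)str_pad($frac, 2, '0');
    if ($cents < MIN_AMOUNT_CENTS || $cents > MAX_AMOUNT_CENTS) {
        throw new InvalidArgumentException('amount out of range');
    }
    return $cents;
}

/** Build the URL-encoded NVP body for a BMUpdateButton call. */
function buildUpdateButtonRequest(array $creds, string $buttonId, string $rawAmount): string
{
    $cents = parseAmountCents($rawAmount);
    return http_build_query([
        'METHOD'         => 'BMUpdateButton',
        'VERSION'        => '82.0',
        'USER'           => $creds['user'],
        'PWD'            => $creds['pwd'],
        'SIGNATURE'      => $creds['signature'],
        'HOSTEDBUTTONID' => $buttonId,
        'BUTTONTYPE'     => 'BUYNOW',
        'BUTTONCODE'     => 'HOSTED',
        // Period as decimal separator, built from integers to avoid float rounding.
        'L_BUTTONVAR0'   => sprintf('amount=%d.%02d', intdiv($cents, 100), $cents % 100),
    ], '', '&');
}

// Constructed input with placeholder credentials and button id.
echo buildUpdateButtonRequest(
    ['user' => 'API_USER', 'pwd' => 'API_PWD', 'signature' => 'API_SIG'],
    'HOSTED_BUTTON_ID',
    '12,5 €'
), PHP_EOL;
```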

Solution 2

You shouldn't use xclick, which isn't encrypted. The way I solved this is using the PayPal button API, with some kind of caching in the client so you won't do the whole HTTP request/response every time.

Note that PayPal uses 2 types of API: NVP, which is sort of RESTful (also not really), and SOAP (I used the NVP method).

You could also generate the encrypted button on your server using openssl, but I ran into unsolvable problems with this method and couldn't get any help for that either here or in PayPal's horrible developer forums.

Edit: the problem with unencrypted buttons is that anyone using Firebug (not talking about more advanced tools) could intercept a payment and change the cost, etc.

If you insist on that direction, you could follow the simple HTML form from PayPal to create this button. You do it on the PayPal site and create an unencrypted button, and then just edit the HTML and change the needed field to <?php echo $variable; ?>. I would strongly advise against this path.

Author by

Jakob Alexander Eichler

Updated on June 06, 2022

Comments

  • Jakob Alexander Eichler about 2 years

    Hello, I would like to create a PayPal buy button which has a dynamically set amount. I would like to pass the amount by a text input field within the form and the item_number by a hidden field.

    The issue is that whatever I do, I get an encrypted s-xclick button from the PayPal website. This button does not allow hidden variables to be placed in the form.

    I think what I need is an xclick button. My goal is to allow users to increase their internal credit on my website.

    EDIT (moving the addition to the question from the answer to the question; from here @tokam):

    To add this to the discussion I would like to show my current solution for the problem:

    Here we have some JavaScript validation which helps the user with the input. Note that it opens a lightbox on success.

    function validatePaypalForm()
    {
        // Normalize the input: strip trailing whitespace, use a period as decimal separator, drop a trailing euro sign
        var val = $('#paypalPaymentAmount').val().replace(/\s*$/, "").replace(/,/ , ".").replace(/€$/, "");
        var errormsg = '';
        var ret, amountField;
        if( val==='' || isNaN( parseFloat(val) ) || !isFinite(val) )
        {
            errormsg = 'Bitte geben Sie einen g&uuml;ltigen Betrag an';
        }else if( parseFloat( val ) < <?php echo $this->minimum?>  )
        {
            errormsg = 'Das Einzahlungsminimum betr&auml;gt <?php echo $this->minimum?>&euro;';
        }

        ret = ( errormsg === '' );

        amountField = $( '#paypalAmountField' );
        if( ret )
        {
            // Valid: clear the error state, write the normalized value back and open the lightbox
            amountField.removeClass( 'error' );
            $('#paypalAmountErrorMessage').html( '&nbsp;' );
            $('#paypalPaymentAmount').val( val );
            fb.start(
                '<p><strong>Sie werden in kürze zur Seite von Paypal weitergeleitet.</strong></p>',
                'width:700 showPrint:false modal:true showClose:false showOuterClose:true showItemNumber:false closeOnNewWindow:false outsideClickCloses:true innerBorder:0 imageClickCloses:false scrolling: no'
            );
        }else{
            amountField.addClass( 'error' );
            $('#paypalAmountErrorMessage').html( errormsg );
        }

        return ret;
    }

    Here comes my button now. The issues I am having are, e.g., that it is easy for the user to set another currency code. I could handle this in my IPN Listener by refunding the payment. Are there other issues which come with an unencrypted changeable button?

    <form onsubmit="return validatePaypalForm();" class="stn-form" action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <fieldset id="fieldset-p"><legend><span>2.</span>myproject Guthaben aufladen per Paypal Zahlung</legend>
    <div id='paypalAmountField' class="field">
    <label for='paypalPaymentAmount' >Betrag &euro;:</label>
    <input id='paypalPaymentAmount' type="text" name='amount' value='' />
    <span style='display:block;' id='paypalAmountErrorMessage' class='errorText'>&nbsp;</span>
    
    </div>
    <input type="hidden" name="cmd" value="_xclick">
    <input type="hidden" name="business" value="THE_ID_OF_MY_CLIENT">
    <input type="hidden" name="lc" value="DE">
    <input type="hidden" name="item_name" value="myproject Advertiser Vorkasse">
    <input type="hidden" name='item_number' value="11500">
    <input type="hidden" name="currency_code" value="EUR">
    <input type="hidden" name="button_subtype" value="services">
    <input type="hidden" name="no_note" value="1">
    <input type="hidden" name="no_shipping" value="1">
    <input type="hidden" name="bn" value="PP-BuyNowBF:btn_paynowCC_LG.gif:NonHosted">
    <input type="hidden" name="rm" value="1">
    <input type="hidden" name='cbt' value="Zu myproject.de zur&uuml;ckkehren">
    <input type="hidden" name="return" value="http://myproject.somedomain.net/advertiser/guthaben-aufladen/ret/success" />
    <input type="hidden" name="cancel_return" value="http://myproject.somedomain.net/advertiser/guthaben-aufladen/ret/canceled" />
    <div class="actionrow">
    
    <input type="image" src="https://www.paypalobjects.com/de_DE/DE/i/btn/btn_paynowCC_LG.gif" border="0" name="submit" alt="Jetzt einfach, schnell und sicher online bezahlen – mit PayPal.">
    <img alt="" border="0" src="https://www.paypalobjects.com/de_DE/i/scr/pixel.gif" width="1" height="1">
    </div>
    </fieldset>
    </form>
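
The question mentions handling a changed currency code in the IPN listener. As an added example (not the asker's code), these are field checks such a listener can apply before crediting an account, covering the form fields a buyer can edit in the unencrypted button. The receiver address, minimum, and sample notification are constructed.

```php
<?php
// Added example, not the asker's listener. Run these checks only after the
// notification has been confirmed with PayPal (cmd=_notify-validate -> VERIFIED).
const EXPECTED_RECEIVER = 'merchant@example.com'; // placeholder account
const EXPECTED_CURRENCY = 'EUR';                  // from the form on the page
const EXPECTED_ITEM     = '11500';                // from the form on the page
const MIN_CENTS         = 500;                    // hypothetical minimum (5.00 EUR)

/**
 * Return the amount to credit, in cents, or throw if any field the buyer
 * could have changed in the unencrypted form does not match.
 */
function creditableCents(array $ipn, array $processedTxnIds): int
{
    $get = fn(string $k): string => (string)($ipn[$k] ?? '');

    if ($get('payment_status') !== 'Completed') {
        throw new RuntimeException('payment not completed');
    }
    if (strcasecmp($get('receiver_email'), EXPECTED_RECEIVER) !== 0) {
        throw new RuntimeException('paid to a different account');
    }
    if ($get('mc_currency') !== EXPECTED_CURRENCY) {
        throw new RuntimeException('unexpected currency');
    }
    if ($get('item_number') !== EXPECTED_ITEM) {
        throw new RuntimeException('unexpected item');
    }
    if ($get('txn_id') === '' || in_array($get('txn_id'), $processedTxnIds, true)) {
        throw new RuntimeException('duplicate or missing txn_id');
    }
    if (!preg_match('/^\d{1,7}\.\d{2}$/D', $get('mc_gross'))) {
        throw new RuntimeException('malformed mc_gross');
    }
    $cents = (int)str_replace('.', '', $get('mc_gross'));
    if ($cents < MIN_CENTS) {
        throw new RuntimeException('below minimum');
    }
    return $cents; // credit what PayPal reports, never the value from the form
}

// Constructed sample: currency_code was changed to USD in the submitted form.
$tampered = ['payment_status' => 'Completed', 'receiver_email' => 'merchant@example.com',
             'mc_currency' => 'USD', 'mc_gross' => '25.00', 'item_number' => '11500',
             'txn_id' => 'SAMPLE-TXN-1'];
try {
    creditableCents($tampered, []);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```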