paypal, php - integrate a paypal payment into a website

Solution 1

I've recently done this. You can use PayPal's xclick button, to send custom data (that is, price and shipping) to PayPal. Then the customer will pay via PayPal and send an instant payment notification to a file on your server of your choice, then validate the data using the IPN and process the order how you like.

<form action="https://secure.paypal.com/uk/cgi-bin/webscr" method="post" name="paypal" id="paypal">
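    <!-- Prepopulate the PayPal checkout page with customer details. -->
    <!-- $firstname, $lastname, etc. are assumed to hold this customer's details; they are escaped for HTML output. -->
    <input type="hidden" name="first_name" value="<?php echo htmlspecialchars($firstname, ENT_QUOTES); ?>">
    <input type="hidden" name="last_name" value="<?php echo htmlspecialchars($lastname, ENT_QUOTES); ?>">
    <input type="hidden" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES); ?>">
    <input type="hidden" name="address1" value="<?php echo htmlspecialchars($address, ENT_QUOTES); ?>">
    <input type="hidden" name="address2" value="<?php echo htmlspecialchars($address2, ENT_QUOTES); ?>">
    <input type="hidden" name="city" value="<?php echo htmlspecialchars($city, ENT_QUOTES); ?>">
    <input type="hidden" name="zip" value="<?php echo htmlspecialchars($postcode, ENT_QUOTES); ?>">
    <input type="hidden" name="day_phone_a" value="">
    <input type="hidden" name="day_phone_b" value="<?php echo htmlspecialchars($mobile, ENT_QUOTES); ?>">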

    <!-- We don't need to use _ext-enter anymore to prepopulate pages -->
    <!-- cmd = _xclick will automatically pre populate pages -->
    <!-- More information: https://www.x.com/docs/DOC-1332 -->
    <input type="hidden" name="cmd" value="_xclick" />
    <input type="hidden" name="business" value="[email protected]" />
    <input type="hidden" name="cbt" value="Return to Your Business Name" />
    <input type="hidden" name="currency_code" value="GBP" />

    <!-- Allow the customer to enter the desired quantity -->
    <input type="hidden" name="quantity" value="1" />
    <input type="hidden" name="item_name" value="Name of Item" />

    <!-- Custom value you want to send and process back in the IPN -->
    <input type="hidden" name="custom" value="<?php echo session_id(); ?>" />

    <input type="hidden" name="shipping" value="<?php echo $shipping_price; ?>" />
    <input type="hidden" name="invoice" value="<?php echo $invoice_id ?>" />
    <input type="hidden" name="amount" value="<?php echo $total_order_price; ?>" />
    <input type="hidden" name="return" value="http://<?php echo $_SERVER['SERVER_NAME']?>/shop/paypal/thankyou"/>
    <input type="hidden" name="cancel_return" value="http://<?php echo $_SERVER['SERVER_NAME']?>/shop/paypal/cancelled" />

    <!-- Where to send the PayPal IPN to. -->
    <input type="hidden" name="notify_url" value="http://<?php echo $_SERVER['SERVER_NAME']?>/shop/paypal/process" />
</form>

Once the customer pays, PayPal will notify your script, and you can do whatever you want after that to process a successful payment.

To process the payment in your PHP file: Paypal Developers LINK

Validation

* NEVER TRUST ANY USER SUBMITTED DATA *

With all PayPal transactions, users can edit the data in the form and submit unwanted or incorrect data. You should save all your variables (such as ID, amount, shipping, etc...) in a database, and validate when the IPN request is received back from PayPal (to make sure they match).

Treat a PayPal transaction with the same security as you do with SQL data, escape all variables, never trust any user submitted data and always validate your data.
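
The check described in this answer, as an added example (not part of the original answer and not PayPal's code): the fields of an incoming IPN are compared with the order saved before the form was rendered. It assumes the message has already been confirmed as genuine with PayPal; the function names and the order layout are hypothetical, and the sample values are constructed.

```php
<?php
// Added example. Assumes the IPN was already confirmed as genuine with PayPal.

/** Convert a decimal string such as "12.50" to integer minor units (pence). */
function to_minor_units(string $amount): ?int
{
    if (!preg_match('/^\d+(\.\d{1,2})?$/', $amount)) {
        return null; // reject signs, exponents and thousands separators
    }
    [$whole, $frac] = array_pad(explode('.', $amount), 2, '');
    return (int)$whole * 100 + (int)str_pad($frac, 2, '0');
}

/** Return the reasons to reject the IPN; an empty list means it matches the order. */
function check_ipn_against_order(array $ipn, ?array $order, string $merchant, array $seenTxnIds): array
{
    if ($order === null) {
        return ['unknown invoice'];
    }
    $errors = [];
    if (strcasecmp($ipn['receiver_email'] ?? '', $merchant) !== 0) {
        $errors[] = 'payment went to a different account';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment not completed';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $errors[] = 'currency mismatch';
    }
    // mc_gross is the total paid, so compare it with stored amount + shipping.
    $paid = to_minor_units($ipn['mc_gross'] ?? '');
    if ($paid === null || $paid !== $order['amount_pence'] + $order['shipping_pence']) {
        $errors[] = 'amount mismatch';
    }
    if (!hash_equals($order['custom'], (string)($ipn['custom'] ?? ''))) {
        $errors[] = 'custom value mismatch';
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $errors[] = 'transaction already processed';
    }
    return $errors;
}

// Constructed data: the order as stored server-side, and an IPN whose amount was edited.
$orders = ['INV-1001' => ['currency' => 'GBP', 'amount_pence' => 12000,
    'shipping_pence' => 500, 'custom' => 'sess-abc123']];
$ipn = ['invoice' => 'INV-1001', 'receiver_email' => 'merchant@example.com',
    'payment_status' => 'Completed', 'mc_currency' => 'GBP', 'mc_gross' => '1.00',
    'custom' => 'sess-abc123', 'txn_id' => 'TXN-CONSTRUCTED-1'];
$errors = check_ipn_against_order($ipn, $orders[$ipn['invoice']] ?? null, 'merchant@example.com', []);
echo $errors ? 'REJECT and log: ' . implode('; ', $errors) . "\n" : "OK: mark order paid\n";
```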

Solution 2

Do you mean, something like this?

http://net.tutsplus.com/tutorials/html-css-techniques/creating-a-paypal-payment-form/

Solution 3

You need to read these articles first, it's in PDF format, download it and take some time to go through it, it's PayPal's official payment integration guide.

https://cms.paypal.com/cms_content/en_US/files/developer/PP_WPP_IntegrationGuide.pdf

https://cms.paypal.com/cms_content/US/en_US/files/developer/PP_ExpressCheckout_IntegrationGuide.pdf

Hope this helps.

Author by

zozo

Updated on March 20, 2020

Comments

  • zozo
    zozo over 4 years

    Good day to all.

    I have a booking site. Here I need to integrate a paypal payment.

    Scenario is like this: X enters into the site, fills in a form with a lot of details (name, period, room type, whatever... about 20 fields). The details are sent to a script that calculates the price.

    Now what I need is to get the user to pay. I must use authorization & capture to do this (in order to be able to cancel a payment during the time limit of course).

    First try was to generate a pay now button. But this kind of request a fixed price (and mine is generated).

    Second was an add to cart button. Same thing.

    After some research I found that express checkout is what I need (I think... not sure). I used the code generator from https://www.paypal-labs.com/integrationwizard/ecpaypal/code.php.

    The problem is that this one requires some shipping details also and other useless things. Also I don't see where I fill the visitor's name/credit/whatever...

    I just want a simple payment. Is there any way I can use a form and send the values to a specified address? Or something like that? Like you know... any normal API.

  • zozo
    zozo almost 13 years
    Good tutorial... and quite useful... but if I do it like this I can't cancel a payment (the authorize and capture part).
  • zozo
    zozo almost 13 years
    Is there any way to cancel the payment? (the authorize and capture part).
  • Anil
    Anil almost 13 years
    What do you mean by cancel payment? If the customer cancels payment through PayPal they will be redirected to "cancel_return", if you wanted to refund the payment through PayPal, you would have to do that using the PayPal API and not the IPN.
  • zozo
    zozo almost 13 years
    That's what I wanted to say. I'm sorry for not being clear (I thought that "I must use authorization & capture to do this (in order to be able to cancel a payment during the time limit of course)." kind of said it but is probably not so clear.). I must be able to cancel a payment hence the hotel can refuse a booking request. Or to refund or something.
  • Anil
    Anil almost 13 years
    You will have to use the API for this, I haven't done this before, but it should be straightforward, use this link for more info: cms.paypal.com/us/cgi-bin/… , Best to ask a new question with "Paypal API" in the title. This is a bigger job, you will have to use SOAP or CURL, construct and send the headers, then you will be able to access the api.
  • mixix
    mixix over 10 years
    Bad advice! Unfortunately I cannot yet downvote. Never process critical business logic information in a form on the client, because I can change the business name and/or amount in two clicks, process the form and make your backend book something for me / place a send order in your warehouse / get access to an online information product / whatever.
  • Anil
    Anil over 10 years
    Before rendering the form, you would store your data in your database as "uncomplete" with the details, and then validate it when it comes in, if it doesn't match, don't process it and log it for the admin. But you are correct, users can edit the details in the form, and you should always validate any incoming data. Never trust user inputted data, and this is a good example of that.
  • relipse
    relipse about 8 years
    An example response AFTER the payment would be something like this: paypal_thankyou?token=LJDFLSKDFHA&amt=2.91&cc=USD&cm=c8h8h2h7j9j0h3b3&item_name=Items&st=Completed&tx=1ABCHAOKFYHI