Submit form via cURL and redirect browser to PayPal


Solution 1

WARNING: this answer has a security deficit. Passing sensitive data (such as item and price) through the client allows the client to modify the transaction, i.e. change the item, or change the price. See the PayPal documentation on how to implement IPN.

You should redirect the user with the PHP header() function and send the vars as GET, not POST.

// Process PayPal payment
if ($method == 'PayPal') {

    // Prepare GET data
    $query = array();
    $query['notify_url'] = 'http://jackeyes.com/ipn';
    $query['cmd'] = '_cart';
    $query['upload'] = '1';
    $query['business'] = '[email protected]';
    $query['address_override'] = '1';
    $query['first_name'] = $first_name;
    $query['last_name'] = $last_name;
    $query['email'] = $email;
    $query['address1'] = $ship_to_address;
    $query['city'] = $ship_to_city;
    $query['state'] = $ship_to_state;
    $query['zip'] = $ship_to_zip;

    // One item_name_N / quantity_N / amount_N triple per cart line, numbered from 1
    // (assumes $cart holds the cart lines; the original snippet left $i and $item undefined)
    $i = 1;
    foreach ($cart as $item) {
        $query['item_name_'.$i] = $item['description'];
        $query['quantity_'.$i] = $item['quantity'];
        $query['amount_'.$i] = $item['info']['price'];
        $i++;
    }

    // Prepare query string (http_build_query URL-encodes every key and value)
    $query_string = http_build_query($query);

    header('Location: https://www.paypal.com/cgi-bin/webscr?' . $query_string);
    exit; // stop the script so nothing after the redirect is executed or sent
}

Solution 2

Rather than trying to post all the data to PayPal and back, you should keep the data on your server and send only an identifying token. Any data you send to PayPal (via the user's browser) can be intercepted and modified. This is a serious security hazard.

If you send only the token there is no opportunity for tampering.

Read the PayPal spec, it has guidelines on how to implement these things.

You must use IPN or some similar post processing because PayPal is the only one who knows whether a payment was actually made. Do not trust any data you get from the user.
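Solution 2 in working code, as an added example that is not part of any answer on this page: the order is stored server-side, the redirect carries only what PayPal needs to charge plus an opaque token in the `custom` field, and the IPN handler posts the message back to PayPal for validation and then compares the verified fields with the stored order before marking it paid. The function names, the database schema, the constants and the cURL options are assumptions for illustration; the postback URL and the `_notify-validate` / `VERIFIED` exchange are PayPal's documented IPN flow (use the `ipnpb.sandbox.paypal.com` host while testing). One caveat: Payments Standard still has to be told the amount, so the protection comes from the server-side comparison at IPN time, not from hiding the cart.

```php
<?php
// Added example, not code from the original answers. Assumed schema (any SQL engine):
//   orders(token VARCHAR(32) PRIMARY KEY, total DECIMAL(10,2), currency CHAR(3), status VARCHAR(16))
//   paypal_txns(txn_id VARCHAR(32) PRIMARY KEY, token VARCHAR(32))
// $pdo is a PDO connection opened with PDO::ERRMODE_EXCEPTION.
const PAYPAL_BUSINESS = 'seller@example.com';                     // placeholder: your PayPal account e-mail
const PAYPAL_URL      = 'https://www.paypal.com/cgi-bin/webscr';
const PAYPAL_IPN_URL  = 'https://ipnpb.paypal.com/cgi-bin/webscr';  // sandbox: ipnpb.sandbox.paypal.com
const SITE_URL        = 'https://example.com';                      // placeholder

// Step 1: checkout. Cart lines, customer data and the total stay in the database, never in the URL.
function start_checkout(PDO $pdo, array $cart, string $currency = 'USD'): void {
    $total = 0.0;
    foreach ($cart as $line) {
        $total += $line['quantity'] * $line['price'];
    }
    $total = number_format($total, 2, '.', '');
    $token = bin2hex(random_bytes(16));                             // opaque, unguessable order reference
    $pdo->prepare('INSERT INTO orders (token, total, currency, status) VALUES (?, ?, ?, ?)')
        ->execute([$token, $total, $currency, 'pending']);

    $query = http_build_query([
        'cmd'           => '_xclick',
        'business'      => PAYPAL_BUSINESS,
        'item_name'     => 'Order ' . $token,
        'amount'        => $total,
        'currency_code' => $currency,
        'custom'        => $token,                                  // comes back in the IPN as `custom`
        'notify_url'    => SITE_URL . '/ipn.php',
        'return'        => SITE_URL . '/thanks.php',
    ]);
    header('Location: ' . PAYPAL_URL . '?' . $query);
    exit;
}

// Step 2: IPN endpoint. Everything in the request body is attacker-controllable until PayPal confirms it.
// Always answer HTTP 200 (PHP's default) so PayPal stops resending; decide by the stored record instead.
function handle_ipn(PDO $pdo): void {
    $raw = file_get_contents('php://input');

    // Echo the message back to PayPal unchanged, prefixed with cmd=_notify-validate.
    $ch = curl_init(PAYPAL_IPN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $raw,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_HTTPHEADER     => ['User-Agent: PHP-IPN-Verifier'],
    ]);
    $answer = curl_exec($ch);
    curl_close($ch);
    if (trim((string) $answer) !== 'VERIFIED') {
        error_log('IPN postback not VERIFIED, ignoring');          // forged, replayed or corrupted body
        return;
    }

    parse_str($raw, $ipn);
    $stmt = $pdo->prepare('SELECT token, total, currency FROM orders WHERE token = ?');
    $stmt->execute([$ipn['custom'] ?? '']);
    $order = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare what PayPal says was paid with what WE recorded, not with anything the browser sent.
    // receiver_email matters: a VERIFIED IPN for someone else's account is still worthless to you.
    $ok = $order !== false
        && ($ipn['payment_status'] ?? '') === 'Completed'
        && strcasecmp($ipn['receiver_email'] ?? '', PAYPAL_BUSINESS) === 0
        && ($ipn['mc_currency'] ?? '') === $order['currency']
        && number_format((float) ($ipn['mc_gross'] ?? 0), 2, '.', '')
           === number_format((float) $order['total'], 2, '.', '');
    if (!$ok) {
        error_log('IPN does not match stored order ' . ($ipn['custom'] ?? '?'));
        return;
    }

    // Idempotency: PayPal may deliver the same IPN more than once; the PRIMARY KEY on txn_id rejects repeats.
    try {
        $pdo->prepare('INSERT INTO paypal_txns (txn_id, token) VALUES (?, ?)')
            ->execute([$ipn['txn_id'] ?? '', $order['token']]);
    } catch (PDOException $e) {
        return;                                                     // already processed
    }
    $pdo->prepare("UPDATE orders SET status = 'paid' WHERE token = ?")->execute([$order['token']]);
}
```

The `return` page (`thanks.php`) should only read the order status from the database; a user can reach it without paying, so fulfilment must be driven by the IPN handler alone.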

Solution 3

Doing it with cURL makes an end-to-end call on the backend side; it will not be reflected in the frontend behaviour.

You have to make a form with hidden fields and JavaScript that auto-submits the form once the page has loaded.
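Solution 3's auto-submitting form, as an added example that is not part of any answer on this page: a helper renders the same fields as hidden inputs, lets the browser (not the server) POST them to PayPal, and keeps a `<noscript>` button so the flow still works without JavaScript. Every name and value is HTML-escaped, because customer-supplied fields such as `first_name` would otherwise be able to break out of the attribute. The function name and the sample fields are assumptions.

```php
<?php
// Added example, not code from the original answers.
// Renders a POST form that submits itself on load; all values are HTML-escaped.
function paypal_autopost_form(array $fields, string $action = 'https://www.paypal.com/cgi-bin/webscr'): string {
    $inputs = '';
    foreach ($fields as $name => $value) {
        $inputs .= sprintf(
            "  <input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8')
        );
    }
    return "<!DOCTYPE html>\n"
         . "<html><body onload=\"document.forms.paypal.submit()\">\n"
         . "<form name=\"paypal\" method=\"post\" action=\""
         . htmlspecialchars($action, ENT_QUOTES, 'UTF-8') . "\">\n"
         . $inputs
         . "  <noscript><button type=\"submit\">Continue to PayPal</button></noscript>\n"
         . "</form>\n</body></html>\n";
}

// Usage: the fields Solution 1 puts in the URL, now carried by the browser as a POST.
// A value containing a quote and a tag shows why the escaping is needed.
echo paypal_autopost_form([
    'cmd'        => '_xclick',
    'business'   => 'seller@example.com',           // placeholder
    'item_name'  => 'Order 1001',
    'amount'     => '19.99',
    'currency_code' => 'USD',
    'custom'     => 'a3f9c2d1e4b5a6f7',              // opaque order token stored server-side
    'first_name' => 'O\'Brien <script>',             // constructed hostile input, rendered inert
    'notify_url' => 'https://example.com/ipn.php',  // placeholder
]);
```

Note that this changes only how the data travels: the hidden fields are as editable by the user as a query string, so the server-side verification against the stored order (Solution 2) is still required.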



Author: David Jones

Updated on June 04, 2022

Comments

  • David Jones almost 2 years

    I'm developing a site where customers have several payment options, including PayPal Payments Standard. Since I'm collecting a fair amount of data about the customer, I'd like to process the form on my server before sending the user to PayPal's server. One option is to concatenate the data into a single string, assign the string to the custom field, and then process it in the IPN response, but I find this to be a very inelegant solution. Instead, after collecting the user data, I'm attempting to use cURL to submit a standard HTML PayPal form. How can I redirect the user to PayPal to complete the checkout process?

      // Process PayPal payment
      if ($method == 'PayPal') {

        // Prepare POST data
        $query = array();
        $query['notify_url'] = 'http://example.com/ipn';
        $query['cmd'] = '_cart';
        $query['upload'] = '1';
        $query['business'] = '[email protected]';
        $query['address_override'] = '1';
        $query['first_name'] = $first_name;
        $query['last_name'] = $last_name;
        $query['email'] = $email;
        $query['address1'] = $ship_to_address;
        $query['city'] = $ship_to_city;
        $query['state'] = $ship_to_state;
        $query['zip'] = $ship_to_zip;

        // One item_name_N / quantity_N / amount_N triple per cart line, numbered from 1
        // (assumes $cart holds the cart lines; $i and $item were undefined in the snippet as posted)
        $i = 1;
        foreach ($cart as $item) {
          $query['item_name_'.$i] = $item['description'];
          $query['quantity_'.$i] = $item['quantity'];
          $query['amount_'.$i] = $item['info']['price'];
          $i++;
        }

        // Prepare query string
        $query_string = '';
        foreach ($query as $key=>$value) {
          $query_string .= $key.'='.urlencode($value).'&';
        }
        $query_string = rtrim($query_string, '&');

        // Open connection
        $ch = curl_init();

        // Set the URL and POST data (CURLOPT_POST takes a boolean, not a field count)
        curl_setopt($ch, CURLOPT_URL, 'https://www.paypal.com/cgi-bin/webscr');
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the body instead of printing it

        // Execute post
        $result = curl_exec($ch);

        // Close connection
        curl_close($ch);
      }

  • David Jones about 11 years
    Actually, I'm doing exactly what PayPal suggests to do: x.com/developers/paypal/documentation-tools/…. I'm just trying to do it in cURL to make it easier to keep some of the data on my server. In my case, I don't care whether the payment goes through or not – I'd still like to gather the customer information.
  • Halcyon about 11 years
    That doesn't make any sense at all. Are you going to ask the user for their PayPal credentials, and do the payment on their behalf? This is completely unacceptable. You should not be making request to PayPal, the user should, and then PayPal contacts you.
  • David Jones about 11 years
    When you use PayPal Payments Standard, the user is simply redirected to PayPal's website. They enter their credentials themselves. The only thing this form does is send along shopping cart info. I think you might be getting confused with advanced integration methods, which I'm not using here.
  • Drahcir about 11 years
    I used the PayPal api a long time ago, just remembered how I did it. Glad it worked
  • Admin almost 10 years
    thumbs up, fantastic !
  • Tim almost 9 years
    Not a huge deal, but remember to always include exit; after redirecting a browser with header.
  • Halcyon over 8 years
    @DavidJones subsequently the user can modify the shopping-cart/transaction (change the item, change the price). You need to store at least the transaction verbatim on your server so you can verify IPN callbacks. When you're dealing with security always try to expose as little information as possible. Does PayPal need to know what's in the shopping cart? No. So don't send it.
  • DannyFeliz over 7 years
    Thanks man, I did not know that you could send the form information as a GET. +1
  • DannyFeliz over 7 years
    Exactly, never trust users input!