Php 付款成功时保存到数据库(paypal)
我正在试图找出最好的方法来保存数据(这是以前提交的形式)到数据库后,客户已经支付了项目,使用贝宝。这一过程的大致路线: 1) 在实际网站上填写表格-->2)登录Paypal-->3)立即付款(Paypal)-->4)数据插入数据库-->5)返回起点 我已经知道了如何执行步骤1到3和5,但是在执行步骤4时需要一些帮助。据我所知,我需要以某种方式存储数据,然后根据需要保存或丢弃存储的数据。这样做的最佳方式是什么 表格Php 付款成功时保存到数据库(paypal),php,mysqli,paypal,Php,Mysqli,Paypal,我正在试图找出最好的方法来保存数据(这是以前提交的形式)到数据库后,客户已经支付了项目,使用贝宝。这一过程的大致路线: 1) 在实际网站上填写表格-->2)登录Paypal-->3)立即付款(Paypal)-->4)数据插入数据库-->5)返回起点 我已经知道了如何执行步骤1到3和5,但是在执行步骤4时需要一些帮助。据我所知,我需要以某种方式存储数据,然后根据需要保存或丢弃存储的数据。这样做的最佳方式是什么 表格 <form action="" method="post" target=
<form action="" method="post" target="" id="bookstay">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="unitprice" value="40" />
<input type="hidden" name="apt_name" value="Apartment1" />
<input type="hidden" name="no_note" value=""/>
<input type="hidden" name="lc" value="MT" />
<input type="hidden" name="currency_code" value="EUR" />
<input type="hidden" name="bn" value="BuyNowBF:btn_buynow_LG.gif:NonHostedGuest" />
<input type="hidden" name="apartment" value="1"/>
<input name='first_name' class="short-input" id='name' type="text" value="Name" onFocus="this.value = ''" />
<input name= 'last_name' class="short-input" id='name' type="text" value="surname" onFocus="this.value = ''" />
<input name='payer_email' class="long-input" type="text" value="Email" onFocus="this.value = ''" />
<input name='address' class="long-input" type="text" value="Address" onFocus="this.value = ''" />
<input name='mobile' class="short-input" type="text" value="mobile" onFocus="this.value = ''" />
<div class='select' id='peopletostay'>
<select name='pax' class='short-input'>
<option value='0'>people to stay</option>
<option value='1'>1</option>
<option value='2'>2</option>
<option value='3'>3</option>
<option value='4'>4</option>
</select>
</div>
<div id="dateofarrival">
date of arrival<br>
<div class='select' id='date'>
<select class="short-input day-from" name="day_from">
<option value= "01" >01</option>
...
<option value= "31" >31</option>
</select>
</div>
<div class='select' id='month'>
<select class="short-input month-from" name="month_from" size="1">
<option value="01" >January</option>
....
<option value="12" >December</option>
</select>
</div>
<div class='select' id='year'>
<select class="short-input year-from" name='year_from'>
<option value= 2015 > 2015</option>
....
<option value= 2025 > 2025</option>
</select>
</div>
</div>
<div id="dateodeparture">
date of arrival<br>
<div class='select' id='date'>
<select class="short-input day-from" name="day_to">
<option value= "01" >01</option>
...
<option value= "31" >31</option>
</select>
</div>
<div class='select' id='month'>
<select class="short-input month-from" name="month_to" size="1">
<option value="01" >January</option>
....
<option value="12" >December</option>
</select>
</div>
<div class='select' id='year'>
<select class="short-input year-from" name='year_to'>
<option value= 2015 > 2015</option>
....
<option value= 2025 > 2025</option>
</select>
</div>
</div>
<textarea name='remarks'>Extra Remarks</textarea>
<button type="submit" name="proceedtopaypal" id="proceedtopaypal">make booking (proceed to paypal)</button>
</form>
人们希望留下来
1.
2.
3.
4.
到达日期
01
...
31
一月
....
十二月
2015
....
2025
到达日期
01
...
31
一月
....
十二月
2015
....
2025
附加说明
进行预订(转到paypal)
<?php
if ($_POST) {
if (isset($_POST['proceedtopaypal'])){
include 'connect.php';
$apartment = mysqli_real_escape_string($conn, $_POST['apartment']);
$unitprice = mysqli_real_escape_string($conn, $_POST['unitprice']);
$first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
$last_name = mysqli_real_escape_string($conn, $_POST['last_name']);
$payer_email = mysqli_real_escape_string($conn, $_POST['payer_email']);
$address = mysqli_real_escape_string($conn, $_POST['address']);
$apt_name = mysqli_real_escape_string($conn, $_POST['apt_name']);
$mobile = mysqli_real_escape_string($conn, $_POST['mobile']);
$pax = mysqli_real_escape_string($conn, $_POST['pax']);
$remarks = mysqli_real_escape_string($conn, $_POST['remarks']);
$day_from = mysqli_real_escape_string($conn, $_POST['day_from']);
$month_from = mysqli_real_escape_string($conn, $_POST['month_from']);
$year_from = mysqli_real_escape_string($conn, $_POST['year_from']);
$booking_from = $year_from."-".$month_from."-".$day_from;
$day_to = mysqli_real_escape_string($conn, $_POST['day_to']);
$month_to = mysqli_real_escape_string($conn, $_POST['month_to']);
$year_to = mysqli_real_escape_string($conn, $_POST['year_to']);
$booking_to = $year_to."-".$month_to."-".$day_to;
$no_of_nights = abs(strtotime($booking_to) - strtotime($booking_from));
$quantity = floor($no_of_nights / (60*60*24));
// paypal settings
$paypal_email = 'christabelbusuttil@gmail.com';
$return_url = 'http://localhost/Webdevelopment/V18/apartments.php';
$cancel_url = 'http://localhost/Webdevelopment/V18/apartments.php';
$notify_url = 'http://localhost/Webdevelopment/V18/paypal/payments.php';
$item_amount = $unitprice * $quantity;
$item_name = "Booking at ".$apt_name." from " .$booking_from ." to " .$booking_to;
$validdate = false;
$buttonpressed = false;
$checkin='<p>Check in date is invalid.</p>';
$checkout='<p>Check out date is invalid</p>';
$larger = '<p>Check in date is after check out date</p>';
$noinfo='<p>please fill in the missing information.</p>';
$booked='<p>The dates selected are already booked for this apartment</p>';
$equal = '<p>You need to spend a minimum of 1 night in these apartment</p>';
$thankyou = '<h5>Thank you</h5><p>thank you for booking an apartment with V18-apartments.</p>';
$window = '';
function IsInjected($str) {
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
if (!checkdate($month_from, $day_from, $year_from)) {
$window = $checkin;
echo $window;
$validate = true;
}
else if (!checkdate($month_to, $day_to, $year_to)) {
$window = $checkout;
$validate = true;
echo $window;
//echo "Check out date is invalid";
}
else if ($booking_from > $booking_to) {
$window = $larger;
$validate = true;
echo $window;
// echo "Check in date is after check out date";
}
else if ($booking_from == $booking_to) {
$window = $equal;
$validate = true;
echo $window;
}
// check if all info is filled in
else if (($first_name == "Name") || ($last_name == "surname") || ($payer_email == "Email") || ($mobile == "mobile") || ($address == "Address")) {
$window = $noinfo;
echo $window;
$validate = true;
// echo "Please fill in the missing information";
}
else if (IsInjected($payer_email)) {
echo "Not an email";
}
else if ($validdate == false) {
$final = true;
$sql = "SELECT COUNT(*) FROM room_nights WHERE apartmentID= '$apartment' AND dates >= '$booking_from' AND dates <= '$booking_to'";
$result = mysqli_query($conn, $sql);
$result = mysqli_query($conn, $sql);
$row=mysqli_fetch_row($result);
if ($row[0] > 0) {
$window = $booked;
echo $window;
}
else if ($final == true) {
// save to database
include 'insertdata.php'; // code below
echo $item_name;
// include functions
include ("pay_functions.php");
// Check if paypal request or response
if (!isset($_POST["txn_id"]) && !isset($_POST["txn_type"])){
// Firstly Append paypal account to querystring
$querystring .= "?business=".urlencode($paypal_email)."&";
// Append amount& currency (£) to quersytring so it cannot be edited in html
//The item name and amount can be brought in dynamically by querying the $_POST['item_number'] variable.
$querystring .= "item_name=".urlencode($item_name)."&";
$querystring .= "amount=".urlencode($item_amount)."&";
//loop for posted values and append to querystring
foreach($_POST as $key => $value){
$value = urlencode(stripslashes($value));
$querystring .= "$key=$value&";
}
// Append paypal return addresses
$querystring .= "return=".urlencode(stripslashes($return_url))."&";
$querystring .= "cancel_return=".urlencode(stripslashes($cancel_url))."&";
$querystring .= "notify_url=".urlencode($notify_url);
// Append querystring with custom field
//$querystring .= "&custom=".USERID;
// Redirect to paypal IPN
header('location:https://www.sandbox.paypal.com/cgi-bin/webscr'.$querystring);
exit();
}
else {
// Response from paypal
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
$req .= "&$key=$value";
}
// assign posted variables to locate variables
$data['item_name'] = $_POST['item_name'];
$data['item_number'] = $_POST['item_number'];
$data['payment_status'] = $_POST['payment_statis'];
$data['payment_amount'] = $_POST['mc_gross'];
$data['payment_currency'] = $_POST['mc_currency'];
$data['txn_id'] = $_POST['txn_id'];
$data['receiver_email'] = $_POST['receiver_email'];
$data['payer_email'] = $_POST['payer_email'];
$data['custom'] = $_POST['custom'];
// post back to paypal system and validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type : application/x-www-form-urlencoded\r\n";
$header .= "Content-Lenght: " .strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
// HTTP error
} else {
mail('christabelbusuttil@gmail.com', '0', '0');
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// validate payment (check unique txnid & correct price)
$valid_txnid = check_txnid($data['txn_id']);
$valid_price = check_price($data['payment_amount'], $data['item_number']);
// Payment validated and verified
if ($valid_price && $valid_price) {
$orderid = updatePayments($data);
if ($orderid){
// payment has been made and inserted into db
} else {
echo "Error";
}
}
else if (strcmp($res, "INVALID") == 0) {
echo "Payment invalid";
}
}
fclose($fp);
}
}
}
}
}
}
}
?>
<?php
$apartment = mysqli_real_escape_string($conn, $_POST['apartment']);
$unitprice = mysqli_real_escape_string($conn, $_POST['unitprice']);
$first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
$last_name = mysqli_real_escape_string($conn, $_POST['last_name']);
$payer_email = mysqli_real_escape_string($conn, $_POST['payer_email']);
$address = mysqli_real_escape_string($conn, $_POST['address']);
$apt_name = mysqli_real_escape_string($conn, $_POST['apt_name']);
$mobile = mysqli_real_escape_string($conn, $_POST['mobile']);
$pax = mysqli_real_escape_string($conn, $_POST['pax']);
$remarks = mysqli_real_escape_string($conn, $_POST['remarks']);
$day_from = mysqli_real_escape_string($conn, $_POST['day_from']);
$month_from = mysqli_real_escape_string($conn, $_POST['month_from']);
$year_from = mysqli_real_escape_string($conn, $_POST['year_from']);
$booking_from = $year_from."-".$month_from."-".$day_from;
$day_to = mysqli_real_escape_string($conn, $_POST['day_to']);
$month_to = mysqli_real_escape_string($conn, $_POST['month_to']);
$year_to = mysqli_real_escape_string($conn, $_POST['year_to']);
$booking_to = $year_to."-".$month_to."-".$day_to;
$no_of_nights = abs(strtotime($booking_to) - strtotime($booking_from));
$quantity = floor($no_of_nights / (60*60*24));
$reason = "Booked by ".$first_name." ".$last_name." for ".$pax ." people";
function daterange($booking_from, $booking_to, $step = '+1 day', $output_format = 'Y-m-d') {
$dates = array();
$first = new DateTime($booking_from);
$last = new DateTime($booking_to);
$last = $last->modify('+ 1 day');
$interval = DateInterval::createFromDateString($step);
$period = new DatePeriod($first, $interval, $last);
foreach ($period as $date) {
$dates[] = $date->format($output_format);
}
return $dates;
}
$dates = daterange($booking_from, $booking_to);
include 'connect.php';
if (!$conn->autocommit(FALSE)) {
printf("Errormessage: %s\n", $conn->error);
}
if (!$conn->query("INSERT INTO client_details (clientID, name, email, address, mobile) VALUES ('', '$first_name $last_name', '$payer_email', '$address', '$mobile')")) {
printf("Errormessage: %s\n", $conn->error);
}
if (!$conn->query("INSERT INTO bookings (bookingID, apartmentID, clientID, date_from, date_to, nights, pax, remarks) VALUES ('', '$apartment', LAST_INSERT_ID(), '$booking_from', '$booking_to', '$days', '$pax', '$remarks')")) {
printf("Errormessage: %s\n", $conn->error);
}
foreach ($dates as $date) {
if (!$conn->query("INSERT INTO room_nights (bookingID, apartmentID, dates, reason) VALUES (LAST_INSERT_ID(), '$apartment', '$date', '$reason')")) {
printf("Errormessage: %s\n", $conn->error);
}
}
if (!$conn->commit()) {
printf("Errormessage: %s\n", $conn->error);
}
$conn->close();
?>
您的步骤错误
1) 在实际网站上填写表格-->2)登录Paypal-->3)立即付款(Paypal)-->4)数据插入数据库-->5)返回起点
原因在第3步之后,您将如何找到在第一步中填写在表单中的数据,当用户单击提交并离开实际网站并登录到Paypal时,您将丢失表单数据,并且用户也可以对从您的网站购买的产品或服务进行虚假声明,或者对您正在销售的产品或服务进行付款
这一步应该是在与贝宝打交道时
在实际网站上填写From
在表单提交时验证表单数据,如果验证成功,将数据保存到数据库中,并将用户重定向到Paypal
用户登录Paypal并付款
通过Paypal Instant Payment Notification(IPN)(用户仍在Paypal网站上)获取您案例中的付款详细信息,即payments.php
(在IPN中,Paypal发布交易详细信息、金额详细信息等,您需要在步骤5中更新数据库,否则您将无法确定用户支付的产品)
根据Paypal即时付款通知更新数据库中的数据(付款成功、付款失败、付款待定)
使用返回URLReturn.php将用户重定向回实际网站
在实际网站的返回URL上显示付款详细信息和其他详细信息
旁注:第7步,在这一步中,您可以提供一个唯一的参考号(仅在成功付款时生成),并将该参考号提供给从您的网站购买的用户,否则您可能会与声称已针对任何产品付款的用户打交道
(与Paypal打交道时,请记住,Paypal总是喜欢消费者而不是商家,因此您必须小心,否则如果欺诈投诉太多,他们会冻结您的帐户)
就您的代码而言,只需使用mysqli\u real\u escape\u string
像mysqli\u real\u escape\u string($\u POST['partment'])那样对表单值进行转义即可
无需使用PDO您已经在使用MySQLi
在服务器端转义字符串并验证表单输入,足以避免SQL注入漏洞
各地的SQL注入漏洞转换为PDO是否有助于减少漏洞?谢谢。有道理。如果付款失败或被取消,是否可以从数据库中删除数据或将其永久保存在数据库中?付款不会被取消(要取消付款,首先用户必须付款),paypal的付款响应要么成功,要么待定或失败,如果挂起或失败,paypal也会在IPN中的IPNyeah中发布原因,您可以根据PayPals的付款响应对数据做任何您想做的事情简单示例if($payment==“failed”){从表中删除,其中id='$id'}
您将拥有id,因为这是您将作为订单id发送给paypal的内容,paypal将在IPN中将其发回给您,它在每次付款时必须是唯一的,否则paypal将抛出错误,并且不会接受订单和表示发票已付款的付款Hanks.:)关于取消付款,我的意思是,在登录PayPal后,用户可以选择立即付款(开始付款过程)或取消,返回原始页面。