PHP IPN - handling custom characters
When using PayPal's IPN notifications, I am trying to pass a serialized custom array. I don't know why, but I get a SQL violation error. My query is as follows:
$test = array('cmd'=>'_xclick',
'business'=>'email@email.com',
'notify_url'=> 'url/to/ipn.php',
'item_name'=>'Pixel',
'amount'=>'1.00',
'currency_code'=>'USD',
'lc'=>'US',
'custom'=>serialize( array( "variable1" => $variable1,"variable2" => $variable2,
"variable3" => $variable3,"variable4" => $variable4,
"variable5" => $variable5)));
$url = "https://www.sandbox.paypal.com/cgi-bin/webscr?".http_build_query($test);
header("Location:".$url);
exit();
//later in ipn.php:
$custom = unserialize($_POST["custom"]);
$variable1 = $_POST['variable1'];
$variable2 = $_POST['variable2'];
$variable3 = $_POST['variable3'];
$variable4 = $_POST['variable4'];
$variable5 = $_POST['variable5'];
try
{
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $dbh->prepare("INSERT INTO firsttable(variable1, variable2, variable3, variable4, variable5)
VALUES (?,?,?,?,?)");
$stmt->bindParam(1, $value1);
$stmt->bindParam(2, $value2);
$stmt->bindParam(3, $value3);
$stmt->bindParam(4, $value4);
$stmt->bindParam(5, $value5);
$value1 = $variable1;
$value2 = $variable2;
$value3 = $variable3;
$value4 = $variable4;
$value5 = $variable5;
$stmt->execute();
}
catch(PDOException $exception)
{
$variable .= "Failure: " . $exception->getMessage() . "\n";
}
It only returns this error:
Failure: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an
error in your SQL syntax; check the manual that corresponds to your MySQL server
version for the right syntax to use near 'NULL,'.',NULL)'
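Is it because the custom value is longer than 200 characters?? Or am I doing something wrong?

Hi,

The snippet you posted doesn't store the contents of $custom, and you should use single quotes instead of double quotes in the prepared statement to avoid injection. If you want to save the values of $variable1..n, your problem looks like it depends on the contents of $value1..n rather than $value1..n, which aren't defined anywhere.

Anyway, the contents of the unserialized custom field are in $custom, not in $_POST['variable1']; $_POST['variablen']; you can get the values with $custom[n].

Please note that the PayPal custom field has a maximum length of 255 characters.

Another note: you should urlencode when serializing, to avoid disallowed characters.

After unserializing, what does $variable1 equal? Is $_POST['custom'] more than 200 characters?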
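
An added example, not part of the original question or answer: the custom value travels through the buyer's browser on the redirect, so calling unserialize() on it in ipn.php processes untrusted input. This sketch packs the values as JSON with an HMAC, enforces the 255-character limit mentioned in the answer, and binds the decoded values rather than $_POST['variable1'] and so on. CUSTOM_KEY, FIELDS and the function names are assumptions, and PHP 7.3 or later is assumed for JSON_THROW_ON_ERROR.

```php
<?php
// Added example. CUSTOM_KEY, FIELDS and the function names are assumptions.
const CUSTOM_MAX = 255; // maximum length of PayPal's custom field, per the answer
const CUSTOM_KEY = 'replace-with-a-random-server-side-secret'; // placeholder
const MAC_LEN = 32; // hex characters of the HMAC kept (128 bits)
const FIELDS = ['variable1', 'variable2', 'variable3', 'variable4', 'variable5'];
function custom_mac(string $json): string
{
    return substr(hash_hmac('sha256', $json, CUSTOM_KEY), 0, MAC_LEN);
}

// Checkout page: build the value passed as 'custom'.
function pack_custom(array $values): string
{
    $json = json_encode(array_values($values), JSON_THROW_ON_ERROR);
    $packed = custom_mac($json) . $json;
    if (strlen($packed) > CUSTOM_MAX) {
        throw new LengthException('custom exceeds ' . CUSTOM_MAX . ' characters');
    }
    return $packed; // http_build_query() takes care of URL encoding
}

// ipn.php: verify and decode $_POST['custom'] before anything reaches SQL.
function unpack_custom(string $packed): array
{
    if (strlen($packed) <= MAC_LEN || strlen($packed) > CUSTOM_MAX) {
        throw new UnexpectedValueException('custom has an invalid length');
    }
    $json = substr($packed, MAC_LEN);
    if (!hash_equals(custom_mac($json), substr($packed, 0, MAC_LEN))) {
        throw new UnexpectedValueException('custom failed the integrity check');
    }
    $values = json_decode($json, true, 2, JSON_THROW_ON_ERROR);
    if (!is_array($values) || count($values) !== count(FIELDS)
        || count(array_filter($values, 'is_scalar')) !== count(FIELDS)) {
        throw new UnexpectedValueException('custom has an unexpected layout');
    }
    return array_combine(FIELDS, $values);
}

function store_custom(PDO $dbh, array $custom): void
{
    $stmt = $dbh->prepare('INSERT INTO firsttable (variable1, variable2, variable3, variable4, variable5) VALUES (?, ?, ?, ?, ?)');
    $stmt->execute(array_values($custom));
}

// Constructed sample values; round trip without PayPal or a database.
$custom = unpack_custom(pack_custom(['10', '20', 'red', 'top', 'note']));
var_dump($custom['variable1']); // the value to bind comes from $custom, not $_POST
```

The 32-character MAC leaves 223 characters for the JSON payload; anything larger is better stored server-side with only a short identifier placed in custom.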