Hi, I am using a prototype PayPal payment system which does not ever need to properly work, but I am having trouble writing to the database as well as redirecting to the PayPal payment page at the same time.

Here is the form:

echo '<form name="purchase" target="_blank" action="https://www.paypal.com/cgi-bin/webscr" method="post">';
    echo '<input type="hidden" name="cmd" value="_xclick">';
    echo '<input type="hidden" name="business" value="*********">';
    echo '<input type="hidden" name="lc" value="GB">';
    echo '<input type="hidden" name="item_name" value="' . $name . '">';
    echo '<input type="hidden" name="amount" value="' . $price . '">';
    echo '<input type="hidden" name="currency_code" value="GBP">';
    echo '<input type="hidden" name="button_subtype" value="services">';
    echo '<input type="hidden" name="no_note" value="0">';
    echo '<input type="hidden" name="shipping" value="' . $postage . '">';
    echo '<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest">';
    echo '<input type="image" src="https://www.paypal.com/en_US/GB/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online." onClick="return confirmSubmit()">';
    echo '<img alt="" border="0" src="https://www.paypal.com/en_GB/i/scr/pixel.gif" width="1" height="1">';
echo '</form>';

This is the code that is auto generated from PayPal, this takes a few variables and uses them when the 'BUY' button is clicked, As you can see when the button is clicked it goes to 'https://www.paypal.com/cgi-bin/webscr' through the form action.

This is working fine and does not need to change, what I am having trouble doing is also linking to another php page when the form is submitted so that I can write some data to the database to record the purchase.

I hope someone can help.
Thanks.

You could use in the form tag onsubmit="return aFunction()". And then with JavaScript pass the variables to a PHP programme with AJAX and return true.

Thanks for the quick reply, I have tried something similar using just JavaScript, but i haven't tired to do it with AJAX too, i'm not great with AJAX, any idea how I would go about it?

Before providing you code let me notice that all the fields are hidden, that means that you already have their values when you are generating the form, so maybe the only thing you need to know is that the person pressed the button (that doesn’t mean that the payment completed just that the button pressed), as I can remember paypal has a roll over case when a payment had actually processed. If this is the case (that the button have pressed) there are several ways to figure out and I would happily provide you one of those. If the case is that the payment has being made then the only thing you could do is read more paypal api.

As this is a prototype the payment cannot be made, the link to PayPal works but the payment will not go through as it has not been correctly set up, which is fine because for the purpose of this project I do not need to payment to work.

Really I need to fake that the payment has gone through successfully and just write to the database when the button is pressed. I do already have all of the data and variable that I need to insert into the database which I would normally do through a secondary php page linked by the form action, but because the form action is already in use by PayPal I don't know how to both write to the database and link to PayPal when the button is pressed.

Here is an example. In sample.php I used your code and is where the form is and makes an AJAX call to sample2.php . Read the comments and consider creating a more secure layer.

sample.php

<?php
session_start();
$timestamp = date("U");


// I set these variables only for the script to work,
// as I understood in your case you have these
$name = "something";
$price = "9999999";
$postage = "horse";

// The input fields in your form are hidden so you allready have their values
$_SESSION[$timestamp."v"]["cmd"] = "_xclick";
$_SESSION[$timestamp."v"]["business"] = "";
$_SESSION[$timestamp."v"]["lc"] = "GB";
$_SESSION[$timestamp."v"]["item_name"] = $name;
$_SESSION[$timestamp."v"]["amount"] =  $price;
$_SESSION[$timestamp."v"]["currency_code"] = "GBP";
$_SESSION[$timestamp."v"]["button_subtype"] = "services";
$_SESSION[$timestamp."v"]["no_note"] = "0";
$_SESSION[$timestamp."v"]["bn"] = "PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest";

// Few lines about security , with this you can insure only the basic level
// but you should always consider about security. What I am doing is
// that I am creating a hash with a salt that only the script knows
$salt = "put here your salt";
$_SESSION[$timestamp."v"]["securityCheck"] = crypt(session_id().$timestamp,$salt);


// The next one will be needed in the second page and it help us determine that the correct path was fallowed 
if(isset($_SESSION["proceed"]))
{
	unset($_SESSION["proceed"]);
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>sample</title>

<script type="text/javascript">

// This is the JavaScript function that is going to be used for AJAX 
// along with the form 
function onSubmit()
{
	// We will not let the form to submited before we comunicate with our other script
	communicate();
	return false; 
} 

function communicate()
{
	// For the basics you could alse read http://www.w3schools.com/PHP/php_ajax_database.asp
	if (window.XMLHttpRequest)
	{
		xmlhttp=new XMLHttpRequest();
	}
	else
	{
	  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
	}

	// You want only to track that a button had pressed so you don't need onreadystatechange
  // I am adding one just to demonstrate how you can determine if the form will submitted or not.
	xmlhttp.onreadystatechange=function()
  {
  	if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
  	   response = xmlhttp.responseText.trim();
  	   if(response == "")
  	   {
					document.purchase.submit();
  	   }
  	   else 
  	   {
  		 		alert(response);    
  	   }
    }
  }
	
	xmlhttp.open("GET","sample2.php?timestamp=<?php echo $timestamp?>",true);
	xmlhttp.send();

}

// You allready use confirmSubmit witch you didn't provided 
// so here is an example 
function confirmSubmit()
{
	confirm("Should I proceed with payment?");
}

// Just a trim String prototype 
String.prototype.trim = function() 
{
	 return this.replace(/^\s+|\s+$/g,"");
};
</script>
</head>

<body>
<?php

// I removed temporarily the action="https://www.paypal.com/cgi-bin/webscr"
// from your code because I don't really want to post to paypal at this point
echo '<form name="purchase" target="_blank" action="" method="post" onsubmit="return onSubmit()".>';
echo '<input type="hidden" name="cmd" value="_xclick">';
echo '<input type="hidden" name="business" value="*********">';
echo '<input type="hidden" name="lc" value="GB">';
echo '<input type="hidden" name="item_name" value="' . $name . '">';
echo '<input type="hidden" name="amount" value="' . $price . '">';
echo '<input type="hidden" name="currency_code" value="GBP">';
echo '<input type="hidden" name="button_subtype" value="services">';
echo '<input type="hidden" name="no_note" value="0">';
echo '<input type="hidden" name="shipping" value="' . $postage . '">';
echo '<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest">';
echo '<input type="image" src="https://www.paypal.com/en_US/GB/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online." onClick="return confirmSubmit()">';
echo '<img alt="" border="0" src="https://www.paypal.com/en_GB/i/scr/pixel.gif" width="1" height="1">';
echo '</form>';


?>
</body>
</html>

sample2.php

<?php
session_start();

// Put here the same salt as you used in the first script 
$salt = "put here your salt";

// Here I create a generic error message for all purposes , you can make as many of them you like depending the case of the error
$error = "There has been an error submitting the form. Please check the submitting sequence you fallowed and repeat.";

// If somebody is playing (replay atack) with your code than there is no reason to continue
// Here I am using just a session variable but for extra security you should use a table
// with banned (for certain period) IP's or / and other data you can collect from user (to avoid IP spoofing)

if(isset($_SESSION["proceed"]) && $_SESSION["proceed"]==false)
{
	echo $error; 
}
else
{
	if(isset($_GET["timestamp"]))
	{
		$timestamp = $_GET["timestamp"];
		if(isset($_SESSION[$timestamp."v"]))
		{
			if($_SESSION[$timestamp."v"]["securityCheck"] == crypt(session_id().$timestamp,$salt))
			{
				// HERE WE ARE FINALLY OK , YOU CAN DO WHAT EVER YOU WANT WITH YOUR 
				// VARIABLES IN $_SESSION[$timestamp."v"] array 
			}
			else 
			{
				$_SESSION["proceed"] = false; 
				echo $error;				
			}
			// In this example I let variables come used one time
			unset($_SESSION[$timestamp."v"]);
		}
		else
		{
			$_SESSION["proceed"] = false; 
			echo $error;
		}
	}
	else
	{
		$_SESSION["proceed"] = false;
		echo $error;
	}
}
?>

Thanks Jkon! I have it all working now! your example was very very helpful so thank you very much for that.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.