Hi all,

Im in the sandbox area of paypal and sending a test ipn, which is stated as successful. I miss spelt the name on purpose and got an error, so im guessing that it only checks for a file actually being there.

I admittedly got this code from their examples. but have edited it to run an update action, which is where i need a little help.

Its not updating my field in the database.

<?php

// PHP 4.1

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$quantity = $_POST['quantity'];

if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {

echo "I WORKED THANK YOU VERY MUCH";

mysql_connect("localhost", "username", "password")or die("cannot connect");
mysql_select_db("database")or die("cannot select DB");

$sql = "UPDATE tbl_user SET user_list_credits = '$quantity' WHERE user_email = '$payer_email'";
			
mysql_select_db("$db_name");
$retval = mysql_query( $sql, $conn );
}
else if (strcmp ($res, "INVALID") == 0) {
echo "I DIDNT WORK";
}
}
fclose ($fp);
}
?>

On line 46, you pass the query, and a $conn variable as arguments to mysql_query. Where are you setting $conn?

Also, it is a very good idea to actually validate the information posted to your server before blindly inserting it into queries and your DB - especially when handling money! If anyone posted data to your server, they could fake a payment from PayPal.

R.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.