handling paypal payment in backend
Question
I've got a custom form which makes a request to paypal. The problem with this is that people can edit this in inspector. I've got the cart info into a cookie and database too. is there a way to first go to the back end, check all info there and then send it to paypal?
I've looked into IPN but don't understand it really. also my website is currently running on localhost so I need to set some ports open to get messages from paypal. which can't because I'm working on a network where I can't access the router.
I've tried send the form to the backend, compared it with the cart cookie & database. But I don't know if I can send the form in backend.
<div class="paypal pull-right">
<form name="_xclick" action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="upload" value="1">
<input type="hidden" name="business" value="[Business name here]">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="return" value="http://domain/shop/paid">
<input type="hidden" name="cancel_return" value="http://domain/shop/payment_failed">
<?php
$i = 1;
?>
@foreach($cart as $item)
<input type="hidden" name="item_name_{{ $i }}" value="{{$item['name']}}" />
<input type="hidden" name="amount_{{ $i }}" value="{{$item['price']}}" />
<input type="hidden" name="quantity_{{ $i }}" value="{{$item['quantity']}}" />
<?php $i++; ?>
@endforeach
<input type="image" src="http://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>
1 answers
solution1
2 ACCPTED 2016-01-14 13:10:02
You could just create a hosted button and then people can't edit the info for the transaction. When creating the button in your PayPal account just make sure to use the "Save at PayPal" option.
EDIT You won't be able to use a hosted button because of your itemized, dynamic pricing, so Express Checkout is going to be your best bet.
I would recommend you switch to using the Express Checkout APIs instead of Payments Standard. It has quite a few advantages over Payments Standard, primarily the ability the force the guest checkout experience so non-PayPal account holders can easily pay with a credit card.
This PayPal PHP SDK will make the API calls very quick and easy for you.
Basically, you'll use SetExpressCheckout to start the process, then GetExpressCheckoutDetails to pull the buyer's details from PayPal after they've logged in, and then DoExpressCheckoutPayment to finalize the transaction and process the payment.
This method will also keep people from doing anything with the button code because it's all in PHP and API calls.
IPN is still a great tool, but you wouldn't need it to validate your pricing or anything like that (unless you just still wanted to for any reason).
It's a tool you can use to automate pretty much any post-transaction task. This includes payments, refunds, disputes, cleared e-checks, etc. So you can update your database, send custom email notifications, hit 3rd party web services, etc. automatically when transactions hit your PayPal account.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.