Handling PayPal IPN with Database Insertion

Question

I am hoping to use the PayPal Pro Hosted Solution to handle payments for my website, and what i would like to achieve is that user submitted data is NOT inserted into my database until PayPal confirms i have received payment for their entry.

From what I've read, i understand the IPN is the best way to achieve this.

So at the moment, users are entering their data with a form, which i am then previewing to them, and if they approve their entry, i am inserting into a database (using PHP/MySQL). The form data at the moment is being passed along in SESSION variables and working fine. The file process is:

1. User enters data
2. User is presented with their entered data on a knew page and if they approve...
3. They click a button which handles the insert into the database.

However what i would like to do is, if they approve their entry on the preview page, when they click approve, instead of the database being updated there and then, send them to PayPal to make the payment and only update the database with their entry if the payment is approved, like this:

1. User enters data
2. User is presented with their entered data on a knew page and if they approve...
3. They click a button which takes them to the payment page
4. If payment is received, their data is added to the database.

Does anyone have any experience of this type of approach point me in the right direction or give me some guidance on how to go about this please?

I have looked over the PayPal documentation but because I'm new to this, i need things explained in a pretty simple manner.

My original idea was just to store the form is SESSION variables but i will lose this by redirecting people to the payment page. Another thought i had was to create an identical database to what i already have as a temporary holding stage for data, then if the IPN comes back approved, move the data to the final hosting database, but this seems like over engineering the problem a bit.

I hope someone can help.

Thanks Dan

Answer 1

Using PayPal IPN seems to be the best solution in this case.

In my opinion, using temporary table seems to be the best solution. It'll be following KISS rule.

Please consider using following scenario:

• user enters the data
• the form is being submitted
• data is stored in temporary table in database
• while redirecting to PayPal website you can add custom field that will be used to identify user when we be back on your page
• update transaction status
• insert data in the table of your needs

It seems to be the simplest solution.

Answer 2

My original idea was just to store the form is SESSION variables but i will lose this by redirecting people to the payment page.

Not necessarily. Sessions can generally persist for as long as the current browser (session) is open. This is not the same as "as long as the current page is viewed" provided you set the session cookie correctly. You can if you do it right have the sessions persist for days, months, years...

Another thought i had was to create an identical database to what i already have as a temporary holding stage for data, then if the IPN comes back approved, move the data to the final hosting database, but this seems like over engineering the problem a bit.

No this is not overkill.

It deals with the situation where a transaction is not completed. This could occur for a number of reasons, for example your user goes to lunch and forgets to complete the process before the session times out (the default is 20 or so minutes) or where there is a problem with the Paypal end (unlikely but you have to presume it can occur) or where there is a general network issue (isp goes down mid transaction), or where your mobile users goes out of network coverage. Anything can disturb a transaction and you need to have a fall-back position. Otherwise it becomes annoying for you (because you don't know anything about what interrupted the transaction and at what point) and for your user who has to start over again.

Having a temporary database allows you to monitor incomplete transactions and if necessary prompting the user to complete if they do not do so within a given period of time.

Answer 3

One matter to recognize regarding IPN is that it is an 'Asynchronous' response from PayPal - it is not in the user's browser session, so session variables will not work if you are relying exclusively on IPN (other than if you receive the IPN response and then match it to the user's session). PayPal also offers PDT (Payment Data Transfer) which is an 'in-session' response which could return the user to your site.

I would not rely exclusively on IPN for payment notifications (see my answer in the following SO topic) Can one rely on Paypal IPN solely to record purchases? .

Our system uses a combination of both IPN and PDT, with the 'cart' data stored in a DB (as your 'temporary' record) until notification of the completed payment by either PDT or IPN - whichever arrives first which completes the transaction (your 'permanent' database insertion) and deletes the 'temporary' record (so a subsequent IPN or PDT does not trigger a duplicate transaction).