如何在php中获取用户的详细信息

时间:2017-04-27 11:28:35

标签: php mysqli paypal

我在PHP中开发了一个PayPal集成页面。付款和成功页面也有效,但我没有收到用户电子邮件。

home.php页面

<?php
     ob_start();
      session_start();
      require_once 'dbconfig.php';
      error_reporting(0);
   // if session is not set this will redirect to login page
   if( !isset($_SESSION['user_id']) ) {
         header("Location: index");
         exit;
          }
     $user_id=$_SESSION['user_id'];
     $row=mysqli_fetch_array(mysqli_query($conn,"select *from `at_reg_user` 
     where `email`='$user_id'"));
     $name=$row['fname'].' ' .$row['lname'];
       ?>

home.php页面中的PayPal按钮

       <form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top">
                                 <input type="hidden" name="cmd" value="_s-xclick">
                                 <input type="hidden" name="hosted_button_id" value="YYHR897NQVQCY">
                                 <input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
                                 <img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
                    </form>

这是我的页面成功页面:

<?php
include 'dbconfig.php';
ob_start();
session_start();
if( !isset($_SESSION['user_id']) ) {
header("Location: index");
exit;
  } else {
$user_id = $_SESSION['user_id'];
$row = mysqli_fetch_array(mysqli_query($conn, "select * from `at_reg_user` where `email`='$user_id"));
$email = $row['email'];
   }


 $txn_id = $_GET['tx'];
 $payment_gross = $_GET['amt'];
 $currency_code = $_GET['cc'];
 $payment_status = $_GET['st'];

 if($_GET['st']=="Completed") {

$txn_id = $_GET['tx'];
$payment_gross = $_GET['amt'];
$currency_code = $_GET['cc'];
$payment_status = $_GET['st'];

//select statement for disabling user to perform back button

$result = mysqli_fetch_array(mysqli_query($conn, "SELECT txn_id FROM `payments` where `txn_id`='$txn_id'"));
if ($result > 0) {
    echo("<SCRIPT LANGUAGE='JavaScript'>
                      window.alert(' Sorry you have already done payment')
                      </SCRIPT>");
    } else {

     $query = mysqli_query($conn, "INSERT INTO `payments`(`txn_id`, `payment_gross`, `currency_code`, `payment_status`) VALUES ('$txn_id','$payment_gross','$currency_code','$payment_status')");

      if ($query) {
        echo $email;
        echo "<br/>";
        echo $txn_id;
        echo "<br/>";
        echo $payment_gross;
        echo "<br/>";
        echo $currency_code;
        echo "<br/>";
        echo $payment_status;
        echo "<br/>";
    } else {
        echo("<SCRIPT LANGUAGE='JavaScript'>
                      window.alert(' Payment Successful but not inserted')
                      </SCRIPT>");
    }
   }

 }


      echo "<h4>Payment done Successfully. Note down the above transaction details for further assistance </h4>";
      header("Refresh:10; url=home");
   ?>

当我尝试使用echo $email打印电子邮件时,它不会打印。我需要将emailid插入到付款表中。

2 个答案:

答案 0 :(得分:0)

我认为,MySQL查询中存在语法错误。查看查询的结尾。我想,有一个单引号丢失。这是您的查询:

$row = mysqli_fetch_array(mysqli_query($conn, "select * from `at_reg_user` where `email`='$user_id"));

尝试使用此查询:

$row = mysqli_fetch_array(mysqli_query($conn, "select * from `at_reg_user` where `email`='$user_id'"));

提示:未经测试。 我认为你应该重写整个代码,以使其安全。它充满了错误。

答案 1 :(得分:0)

我建议调查PayPal的Payment Data Transfer。它更安全,因为您不依赖于$ _GET数据。