我在PHP中开发了一个PayPal集成页面。付款和成功页面也有效,但我没有收到用户电子邮件。
home.php页面
<?php
ob_start();
session_start();
require_once 'dbconfig.php';
error_reporting(0);
// if session is not set this will redirect to login page
if( !isset($_SESSION['user_id']) ) {
header("Location: index");
exit;
}
$user_id=$_SESSION['user_id'];
$row=mysqli_fetch_array(mysqli_query($conn,"select *from `at_reg_user`
where `email`='$user_id'"));
$name=$row['fname'].' ' .$row['lname'];
?>
home.php页面中的PayPal按钮
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="YYHR897NQVQCY">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
这是我的页面成功页面:
<?php
include 'dbconfig.php';
ob_start();
session_start();
if( !isset($_SESSION['user_id']) ) {
header("Location: index");
exit;
} else {
$user_id = $_SESSION['user_id'];
$row = mysqli_fetch_array(mysqli_query($conn, "select * from `at_reg_user` where `email`='$user_id"));
$email = $row['email'];
}
$txn_id = $_GET['tx'];
$payment_gross = $_GET['amt'];
$currency_code = $_GET['cc'];
$payment_status = $_GET['st'];
if($_GET['st']=="Completed") {
$txn_id = $_GET['tx'];
$payment_gross = $_GET['amt'];
$currency_code = $_GET['cc'];
$payment_status = $_GET['st'];
//select statement for disabling user to perform back button
$result = mysqli_fetch_array(mysqli_query($conn, "SELECT txn_id FROM `payments` where `txn_id`='$txn_id'"));
if ($result > 0) {
echo("<SCRIPT LANGUAGE='JavaScript'>
window.alert(' Sorry you have already done payment')
</SCRIPT>");
} else {
$query = mysqli_query($conn, "INSERT INTO `payments`(`txn_id`, `payment_gross`, `currency_code`, `payment_status`) VALUES ('$txn_id','$payment_gross','$currency_code','$payment_status')");
if ($query) {
echo $email;
echo "<br/>";
echo $txn_id;
echo "<br/>";
echo $payment_gross;
echo "<br/>";
echo $currency_code;
echo "<br/>";
echo $payment_status;
echo "<br/>";
} else {
echo("<SCRIPT LANGUAGE='JavaScript'>
window.alert(' Payment Successful but not inserted')
</SCRIPT>");
}
}
}
echo "<h4>Payment done Successfully. Note down the above transaction details for further assistance </h4>";
header("Refresh:10; url=home");
?>
当我尝试使用echo $email
打印电子邮件时,它不会打印。我需要将emailid插入到付款表中。
答案 0 :(得分:0)
我认为,MySQL查询中存在语法错误。查看查询的结尾。我想,有一个单引号丢失。这是您的查询:
$row = mysqli_fetch_array(mysqli_query($conn, "select * from `at_reg_user` where `email`='$user_id"));
尝试使用此查询:
$row = mysqli_fetch_array(mysqli_query($conn, "select * from `at_reg_user` where `email`='$user_id'"));
提示:未经测试。 我认为你应该重写整个代码,以使其安全。它充满了错误。
答案 1 :(得分:0)
我建议调查PayPal的Payment Data Transfer。它更安全,因为您不依赖于$ _GET数据。