可以仅依靠Paypal IPN记录购买吗? [英] Can one rely on Paypal IPN solely to record purchases?

问题描述

我正在通过以下主要步骤在网站上建立一个简单的立即购买"交易:

I'm setting up a simple 'buy now' transaction from a website with these major steps:

1. 从价格表中选择产品
2. 评论选择(金额，税项等)
3. 在Paypal上处理付款
4. 收据/谢谢

此刻，我正在第2步中存储数据库记录-这可能意味着将有许多记录未收到任何付款，因为人们决定不继续购买.这些记录没有实际用途，因为我将使用Google Analytics(分析)来跟踪结帐流程的成功程度.

At the moment, i'm storing a database record in step 2 - which potentially means there will be a number of records where no payment is received as people decide not to go ahead with their purchase after all. These records are of no real use since i'll use Google Analytics to track how successful the checkout flow is.

我正在使用Paypal IPN来验证付款的真实性并将它们记录在步骤2中插入的记录中；但是，我可以仅依靠IPN交易中的数据来首先填充数据库，从而消除了在步骤2中存储它们的需要，而不必进行数据库清理以删除从未完成的事务?

I'm using Paypal IPN to verify the authenticity of the payments and log them against the records inserted at step 2 - however, could I feasibly rely solely on the data from the IPN transactions to populate the database in the first place, thus removing the need to store them at step 2 and have to do database cleanup to remove transactions that never completed?

我个人看不出为什么我不会这样做-IPN包含我需要的有关付款的所有数据，并且可能还有更多信息，如果由于以下原因而第一次不通过，那么Paypal将重新发送IPN数天:服务器故障，但是我还有其他重要的东西吗?

I personally can see no reason why I wouldn't - the IPN contains all the data I need about the payment and probably more besides, and Paypal will resend IPNs for several days if they don't go through first time due to server glitchery, but am I missing anything else important?

显然，首先要考虑的是没有交易丢失或未记录，因此不会引起客户不满！

Obviously the number one consideration is that no transactions get lost or aren't logged so that no customer unhappiness ensues!

推荐答案

像您一样进行双向验证很重要.

It's important to do a 2 way validation like you have.

在用户离开系统前往贝宝之前，您要保存订单信息(总计，数量).当ipn回来时，您验证请求(该请求必须来自paypal ip或其他)，然后验证该请求是否成功，然后您的步骤2进入现场.您可以验证是否从paypal ipn返回的总金额是否与用户离开前保存的总金额相同(Paypal有时可能会返回部分付款，用户可能会获取帖子数据，并通过修改后的html编写自己的帖子，而total设置).第2步还应该存储买方的user_id，因此您也必须进行比较.

You save the order info (total, quantity) before the user leaves your system towards paypal. When ipn come back you validate the request (it must be from paypal ip or whatever), you validate that it's a successful transaction then your step 2 enters the scene. You validate if the total returned from paypal ipn is the same with the total that was saved before the user left (Paypal sometime may return partial payments, the user may grab the post data and do his own post from a modified html with a lower total set). Step 2 should also store the user_id of the buyer so you must compare that too.

这是一个示例层(没有编程语言，只是一个伪代码):

here's a sample layer (no programming language just a dummy code):

if request comes from paypal:
    #   query the order
    if order.total == request.total && order.user_id == request.custom:
        payment may come in...

这篇关于可以仅依靠Paypal IPN记录购买吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！