Uploading custom cart to Paypal from PHP page using POST


Problem description

I'm using Website Payments Standard on PayPal. So I have a custom purchase page which is essentially a list of my licences (pulled from the database):

licence type A: $100
licence type B: $200
licence type C: $300

They choose one of those (radio button) then click the purchase button. This POSTs the page to my processing PHP page which gets the selected licence_id from the previous page, then uses that to select the correct licence information from the database (price, licence duration) etc. Then it stores a new licence for the user (but marks as unpaid as Paypal payment hasn't occurred yet).

Then my PHP code redirects to the Paypal site for payment using the following code:

// Set the transaction details to be sent to PayPal
$urlParams = array(
    'cmd' => '_cart',
    'upload' => 1,
    'charset' => 'utf-8',
    'business' => 'my_business_email@domain.com',
    'return' => 'http://mysite.com/paymentprocessed.php',
    'currency_code' => 'NZD',
    'amount_1' => $licencePrice,
    'item_name_1' => $licenceName,
    'quantity_1' => 1
);

// Build the URL
$urlParams = http_build_query($urlParams, '', '&');
$url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';

header('location:' .$url. '?' . $urlParams);
exit();

This essentially redirects the user and sends the parameters via GET to PayPal. Surprisingly it works! However the obvious security problem is the user can just edit the variables in the address bar and change the price to get a cheap/free licence.

So is it possible to get my PHP page to POST the information instead and also redirect the browser to that page so the user can complete the paypal transaction? Therefore the critical data is being posted from my webserver directly to PayPal, the user would have no way to edit the payment information.

I suppose you could use the IPN to make sure they paid the right amount, which I'll still do anyway. But I'd like to still not be sending everything via GET.

Thanks!

Recommended answer

The best solution would be using Express Checkout. This allows you a great deal more flexibility than standard buttons can ever offer you.

If you're thinking of doing IPN, you're capable enough to integrate Express Checkout. All it really is, is 1 API call, followed by a redirect to PayPal, and a minimum of 1 more API call to finalize the payment.

A typical flow would look as follows:
1. Call the SetExpressCheckout API. If you're new to this, it's made dead-easy with PayPal's NVP API interface. You can just send the data as a GET NVP string to https://api-3t.paypal.com/nvp and get a response back in the same format.
2. Take the token from the response, and redirect to https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=XXXXXXX (https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=XXXXXXX for Sandbox testing)
3. As soon as the buyer is returned, PayPal will append a PAYERID to your RETURNURL. If you can't find it, call the GetExpressCheckoutDetails API and supply your token to retrieve it.
4. With the PAYERID and TOKEN, call DoExpressCheckoutPayment to finalize the payment.

To get started with this, I'd suggest taking a look at the PHP NVP SDK they offer at https://www.x.com/community/ppx/sdks#NVP
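
The four-step flow above as an added example (not code from the original answer or from PayPal): the price is taken from the stored licence row on the server, and only the token passes through the browser. The credentials, `VERSION` value, return/cancel URLs, the `$nvp` transport callable and the `$pending` store are assumptions made for illustration.

```php
<?php
// Added example. Assumptions: placeholder credentials, VERSION and URLs;
// $nvp is a hypothetical transport that POSTs an NVP array to the API endpoint
// and returns the decoded reply; $pending stands in for a table keyed by token.

function nvpBase(string $method): array {
    return ['METHOD' => $method, 'VERSION' => '124.0', 'USER' => 'API_USER',
            'PWD' => 'API_PASSWORD', 'SIGNATURE' => 'API_SIGNATURE'];
}

// Price and currency come from the stored licence row, never from the request.
function paymentFields(array $licence): array {
    return ['PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale',
            'PAYMENTREQUEST_0_AMT' => number_format($licence['price'], 2, '.', ''),
            'PAYMENTREQUEST_0_CURRENCYCODE' => 'NZD'];
}

// Steps 1-2: server-to-server call, then a redirect URL carrying only the token.
function startCheckout(array $licence, callable $nvp, array &$pending): string {
    $res = $nvp(nvpBase('SetExpressCheckout') + paymentFields($licence) + [
        'RETURNURL' => 'https://mysite.example/paymentprocessed.php',
        'CANCELURL' => 'https://mysite.example/cancelled.php']);
    if (($res['ACK'] ?? '') !== 'Success') { throw new RuntimeException('SetExpressCheckout failed'); }
    $pending[$res['TOKEN']] = $licence; // remember what this token pays for
    return 'https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token='
        . urlencode($res['TOKEN']);
}

// Steps 3-4: the browser returns token and PayerID; the amount is looked up
// server-side, so any extra query parameter such as a price is ignored.
function finishCheckout(array $query, callable $nvp, array $pending): bool {
    $token = $query['token'] ?? null;
    $payer = $query['PayerID'] ?? null;
    if (!is_string($token) || !is_string($payer) || !isset($pending[$token])) {
        return false; // unknown or malformed token: nothing to charge
    }
    $res = $nvp(nvpBase('DoExpressCheckoutPayment') + paymentFields($pending[$token])
        + ['TOKEN' => $token, 'PAYERID' => $payer]);
    return ($res['ACK'] ?? '') === 'Success'
        && ($res['PAYMENTINFO_0_PAYMENTSTATUS'] ?? '') === 'Completed';
}

// Offline run with a stub transport returning constructed replies.
$stub = fn(array $req) => $req['METHOD'] === 'SetExpressCheckout'
    ? ['ACK' => 'Success', 'TOKEN' => 'EC-CONSTRUCTED']
    : ['ACK' => 'Success', 'PAYMENTINFO_0_PAYMENTSTATUS' => 'Completed'];
$pending = [];
echo startCheckout(['id' => 2, 'price' => 200], $stub, $pending), PHP_EOL;
var_dump(finishCheckout(['token' => 'EC-CONSTRUCTED', 'PayerID' => 'PAYER1', 'amount' => '0.01'], $stub, $pending));
```

In a real integration the stub is replaced by an HTTPS POST to the NVP endpoint, and the licence is marked as paid only when `finishCheckout` returns true.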
