
Paypal html button custom field limit

There is a limit of 256 characters on the custom field for a PayPal HTML button. Is there a way to increase that limit, or are there other fields that I can use (like custom1, custom2, other, etc.)?

Thank you

user765368 asked Dec 01 '25 06:12


1 Answer

Instead of sending a whole load of data via the custom field, save the data in a database, and send a record id. On ipn / cancel, retrieve the ID and update/delete the record.

To do this, first you need to change the button code to post to a PHP file on your own site, not PayPal, so the regular button code:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="[email protected]">
<input type="hidden" name="item_name" value="hat">
<input type="hidden" name="item_number" value="123">
<input type="hidden" name="amount" value="15.00">
<input type="image" name="submit" border="0"
src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif"
alt="PayPal - The safer, easier way to pay online">
</form>

Becomes:

<form action="buttonhandler.php" method="post">
    <input type="hidden" name="item_number" value="123">
    <input type="image" name="submit" border="0"
    src="https://www.paypalobjects.com/en_US/i/btn/btn_buynow_LG.gif"
    alt="PayPal - The safer, easier way to pay online">
</form>

Note that a few fields are missing - cmd, business, item_name and amount, as we will generate those in php.

You could have the amount defined in the button html, but it would be better to have it defined in your database, then you can automatically reject orders where the user paid the wrong amount (by fiddling with the data sent to paypal - something they can currently do with your normal html button system).

In the PHP file, you collect the product info, save the order to the db, and generate the PayPal data that would normally be included in the button form fields:

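<?php
//buttonhandler.php

$item_number = $_POST['item_number'];
//get item name, price from DB
//Note made up ORM code here for brevity -
//use whatever db access method you usually do:
$item = Items::getOne($item_number);
if (!$item) {
    //unknown item number: do not create an order or redirect
    http_response_code(404);
    die();
}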

//save order in db, and retrieve order id. You can save whatever you need into the order, 
//this is a simple example that just takes item number, amount and timestamp
Orders::add($item->number, $item->amount, time());
$orderId = Orders::lastInsertId();

//create paypal data
$paypalData=array(
    'business'=>'[email protected]',
    'cmd'=>'_xclick',
    'notify_url'=>'http://yoursite.com/1hd-ff-ipn.php', //call this something random, you don't want it getting hit by web bots
    'return'=>'http://yoursite.com/thanks-for-your-order.php',
    'cancel_return'=>'http://yoursite.com/cancel.php?orderid=' . $orderId,
    'amount'=>$item->amount,
    'currency_code'=>'GBP',
    'item_number'=>$item->number,
    'item_name'=>$item->name,
    'custom'=>$orderId
);
 //build a query string and redirect to paypal
$query_string = http_build_query($paypalData);
header("Location: https://www.paypal.com/cgi-bin/webscr?" . $query_string);
//done
die();

Now you can crosscheck price against orderid in your ipn script:

<?php
//1hd-ff-ipn.php
$order = Orders::getOne($_POST['custom']);
if ($_POST['mc_gross'] != $order->amount) {
    //price mismatch, handle accordingly, and stop so the order
    //is not marked complete below
    die();
}
//more checks here as required, then
$order->paymentStatus = 'complete';
$order->save();

And delete orders in your cancel page:

<?php
//cancel.php
//note: orderid comes from the URL, so cast it before use
Orders::delete((int) $_GET['orderid']);
?>
<h1>Sorry you cancelled</h1>

You can also run a cron every hour/day/whatever to handle abandoned orders:

<?php
//cron.php
//delete pending orders older than 1 day
Orders::deleteWhere('status = ? and ordered_on < ?', 'pending', time() - (24 * 60 * 60));

Steve answered Dec 02 '25 20:12
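
The "more checks here as required" step of the IPN script in the answer above, written out as an added example (not part of the original answer). It assumes the IPN message has already been confirmed as genuine with PayPal, that the order is a plain array with hypothetical `currency` and `status` fields instead of the answer's made-up ORM, and that `shop@example.com` stands in for the merchant account; the sample data is constructed.

```php
<?php
// Added example: field checks for an IPN message against the stored order.
// $order is a plain array standing in for the answer's made-up ORM row (assumption).

/** Convert a decimal string such as "15.00" to integer minor units (1500). */
function toMinorUnits(string $amount): ?int
{
    if (!preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null; // not a plain non-negative decimal
    }
    return (int)$m[1] * 100 + (int)str_pad($m[2] ?? '', 2, '0');
}

/** Return a list of reasons to reject the IPN; an empty list means it matches. */
function ipnMismatches(array $ipn, array $order, string $receiver, array $seenTxnIds): array
{
    $problems = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', $receiver) !== 0) {
        $problems[] = 'receiver_email is not our account';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency mismatch';
    }
    // Compare as integers: avoids float rounding and loose != comparison.
    $paid = toMinorUnits($ipn['mc_gross'] ?? '');
    if ($paid === null || $paid !== toMinorUnits($order['amount'])) {
        $problems[] = 'amount mismatch';
    }
    // PayPal can deliver the same notification more than once.
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $problems[] = 'txn_id already processed';
    }
    if ($order['status'] !== 'pending') {
        $problems[] = 'order is not pending';
    }
    return $problems;
}

// Constructed sample data, not real PayPal traffic: the buyer paid 1.50 for a 15.00 order.
$order = ['id' => 42, 'amount' => '15.00', 'currency' => 'GBP', 'status' => 'pending'];
$ipn   = ['custom' => '42', 'payment_status' => 'Completed', 'receiver_email' => 'shop@example.com',
          'mc_gross' => '1.50', 'mc_currency' => 'GBP', 'txn_id' => 'TXN-CONSTRUCTED-1'];

print_r(ipnMismatches($ipn, $order, 'shop@example.com', []));
```

Mark the order complete only when the returned list is empty, and record the `txn_id` at the same time so a repeated notification is rejected.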


