Why is my statement always false? if (isset($_GET['action']) && $_GET['action']=='IPN_Handler')

最后都变了 - submitted on 2021-02-10 18:26:48

Question


I wrote an IPN listener for PayPal, and when I first did it everything worked fine. I am not sure why it stopped working. My Instant Payment Notification is set to: https://domainname/webpage/?action=IPN_Handler

Auto return for website payments url is: https://domainname/webpage

My Listener code is:

if (isset($_GET['action']) && $_GET['action']=='IPN_Handler') {
    echo "Thank you for your payment";
    $amt = $_GET['amt'];
    $txn_id = $_GET['tx'];
    $st = $_GET['st'];
    $msg = $_GET['item_name'];
    $date = date("Y-m-d");
}

Once the code returns the page has this in the location area: Link

I added a var_dump on the if statement and it returns bool(false).

What am I doing wrong with my code?


Answer 1:


Thanks for hearing me. Let me explain to you how to upgrade to a prepared statement, especially in a payment process. I don't have all your data, so I will do it with what you showed in the question.

Here is a simple prepared statement; I hope it will help you.

$conn is the DB connection field; change it to yours.

if (isset($_POST['action']) && $_POST['action'] == 'IPN_Handler') {
    // We get all params from the HTML form; I always use the POST method if I don't need to get a URL parameter
    $amt = htmlspecialchars($_POST['amt'] ?? '');
    $txn_id = htmlspecialchars($_POST['tx'] ?? '');
    $st = htmlspecialchars($_POST['st'] ?? '');
    $msg = htmlspecialchars($_POST['item_name'] ?? '');
    $date = date("Y-m-d");

    // Here we need to validate form inputs
    if (empty($amt) || empty($txn_id) || empty($st) || empty($msg)) {
        echo "All fields are required";
    } else {
        $stmt = $conn->prepare("INSERT INTO Your_table_name (amt, tx, st, item_name, date) VALUES (?, ?, ?, ?, ?)");
        $stmt->bind_param("sssss", $amt, $txn_id, $st, $msg, $date);
        // We used bind_param, so now we need to execute
        if ($stmt->execute()) {
            // Nothing may be echoed before header(), otherwise the redirect fails
            header('Location: yourpage.php');
            exit();
        } else {
            echo "Failed to insert new records in database.";
        }

        // Close the statement
        $stmt->close();
    }
}

UPDATE: Tested and working in my case; here is the HTML form:

<form action="page.php" method="POST">
	<input type="text" name="amt" placeholder="dsdsd">
	<input type="text" name="tx" placeholder="sdsd">
	<input type="text" name="st" placeholder="dsdsd">
	<input type="text" name="item_name" placeholder="sdsd">
	<input type="text" name="date" placeholder="dsdsd">
	<input type="hidden" name="action" value="IPN_Handler" />
	<input type="submit" name="LoginBtn" value="signup">
</form>

For more explanation, see here: https://www.w3schools.com/php/php_mysql_prepared_statements.asp

Here is where I modified your code:

if (isset($_GET['action']) && $_GET['action'] == 'IPN_Handler') {

    // Here we need to validate form inputs.
    // The values are bound as parameters below, so they are not also passed through
    // mysqli_real_escape_string (that would store the escaping backslashes as data).
    $amt = $_GET['amt'] ?? '';
    $txn_id = $_GET['tx'] ?? '';
    $st = $_GET['st'] ?? '';
    $msg = $_GET['item_name'] ?? '';
    $date = date("Y-m-d");

    // $data must hold the id of the row to update; it is not defined in this snippet
    $sql = "UPDATE wp_ready2_play SET amount=?, payment_id=?, payment_status=?, message=?, payment_dte=? WHERE id=?";
    $stmt = mysqli_stmt_init($link);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "SQL error";
    } else {
        mysqli_stmt_bind_param($stmt, "ssssss", $amt, $txn_id, $st, $msg, $date, $data);
        mysqli_stmt_execute($stmt);
        echo "Thank you for your payment";
        echo "Transaction has been made successfully.";
    }
    // Close the statement (mysqli_free_result() expects a result set, not a statement)
    mysqli_stmt_close($stmt);

}



Answer 2:


The statement is always false because... the statement is always false. Look at the query string:

?amt=0.01&cc=USD&item_name=Subscription%20-%20214&st=Completed&tx=6PK91382LD487075H

There is no action item set anywhere, so the code execution correctly skips the block. You need to actually pass in the action, and its associated value, somehow for the code to execute like you expect.

The easiest, lowest-effort way of doing this is to simply add a hidden input inside the form.

<input type="hidden" name="action" value="IPN_Handler" />

When you submit the form, you should then see the new query string include the action parameter with the specified value, as action=IPN_Handler. You should be careful to verify the action value though, as users can manipulate hidden inputs simply by opening the developer tools.
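
As an added example (not part of the question or of either answer), the sketch below applies answer 2's advice to verify the action value and extends it to the other query parameters, which are just as user-controlled. The function name validate_return_query() and the format rules are assumptions chosen for illustration, not PayPal's specification.

```php
<?php
// Added example (not from the original page). validate_return_query() and its
// format rules are illustrative assumptions, not PayPal's specification.
function validate_return_query(string $queryString): array
{
    parse_str($queryString, $q); // same parsing PHP applies to fill $_GET

    // Strict (===) comparison: a missing, array-typed or differently cased
    // "action" never reaches the handler.
    if (($q['action'] ?? null) !== 'IPN_Handler') {
        return ['ok' => false, 'error' => 'action missing or unexpected'];
    }

    // Every remaining field is client-controlled: check type and shape.
    $rules = [
        'amt'       => '/^\d{1,7}(\.\d{2})?$/D',   // assumed: decimal amount
        'st'        => '/^(Completed|Pending)$/D', // assumed: status allowlist
        'tx'        => '/^[A-Z0-9]{10,32}$/D',     // assumed: transaction id shape
        'item_name' => '/^[\w \-]{1,127}$/D',      // assumed: short printable label
    ];
    $clean = [];
    foreach ($rules as $field => $pattern) {
        $value = $q[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            return ['ok' => false, 'error' => "invalid $field"];
        }
        $clean[$field] = $value;
    }
    // Well-formed is not the same as trusted: these values still came from the browser.
    return ['ok' => true, 'data' => $clean];
}

// Query string quoted in answer 2: it carries no "action", so it is rejected.
$fromPage = 'amt=0.01&cc=USD&item_name=Subscription%20-%20214&st=Completed&tx=6PK91382LD487075H';
var_dump(validate_return_query($fromPage));

// The same values with the action parameter present pass the checks.
var_dump(validate_return_query('action=IPN_Handler&' . $fromPage));

// Constructed tampered inputs: wrong-case action value, array-typed action.
var_dump(validate_return_query('action=ipn_handler&' . $fromPage));
var_dump(validate_return_query('action[]=IPN_Handler&' . $fromPage));
```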



Source: https://stackoverflow.com/questions/59553939/why-is-my-statement-always-false-if-isset-getaction-getaction
