Problems with PayPal Payments

  • adamjblakey
    New Member
    • Jan 2008
    • 133

    Problems with PayPal Payments

    Hi,

    I am trying to set up so that users on my site can pay to upgrade their account. What I thought would work but does not seem to be is this:

    Code:
    <input type="hidden" name="return" value="http://www.web.com/upgrade-account-process.php?id={$sessionid}">
    Then in the upgradeaccount-process.php i have done:

    [PHP]
    if (isset($_GET['type'])){

    $sdate = date("Y-m-d");

    $query = mysql_query("UPDATE `users` SET type='1', sdate='$sdate' WHERE id = '$_GET[id]'");

    header("Location: members.php"); /* Redirect browser */
    exit();

    }
    [/PHP]

    But when I tried this it does not upgrade. Have I done something wrong?

    Cheers,
    Adam
  • Markus
    Recognized Expert Expert
    • Jun 2007
    • 6092

    #2
    [PHP]
    if (isset($_GET['type'])){

    $sdate = date("Y-m-d");

    $query = mysql_query("UPDATE `users` SET type='1', sdate='$sdate' WHERE id = '$_GET[id]'");

    header("Location: members.php"); /* Redirect browser */
    exit();

    }
    [/PHP]

    That ^ will only execute if $_GET['type'] is found - and by looking at the url you pass, it doesn't contain a type=

    regards.


    • coolsti
      Contributor
      • Mar 2008
      • 310

      #3
      There could be many reasons why this does not work. Are you connecting to the database somewhere?

      But more importantly, you are developing very dangerous and insecure code here!!!!

      You should never place the input from a $_GET or $_POST array directly into an SQL query statement!

      A malicious user could easily enter as a $_GET value something that will do something very unnice if your statement is carried out.

      Always validate and properly filter any variable that can come from the user before using it in a query statement (or anything else that can be executed for that matter).

      Steve, Denmark
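
The advice in post #3, shown as an added example that is not part of the original thread or any poster's code: the same UPDATE with the id validated as an integer and passed through a PDO prepared statement. The `upgradeAccount` helper, the table layout and the sample inputs are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: constructed schema and data, not the poster's real database.
// PDO with in-memory SQLite keeps it offline; for MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, type INTEGER, sdate TEXT)");
$db->exec("INSERT INTO users (id, type, sdate) VALUES (1, 0, NULL), (2, 0, NULL), (3, 0, NULL)");

/**
 * Hypothetical helper: upgrade one account. $rawId is untrusted request input.
 * Returns the number of rows changed (0 or 1).
 */
function upgradeAccount(PDO $db, $rawId): int
{
    // 1. Validate: the id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0; // reject the request instead of trying to "clean" the value
    }
    // 2. Bind: the value travels separately from the SQL text, so it can
    //    never change the structure of the statement.
    $stmt = $db->prepare("UPDATE users SET type = 1, sdate = :sdate WHERE id = :id");
    $stmt->bindValue(':sdate', date('Y-m-d'));
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs: a normal id, and a value with a quote and SQL keywords
// that would have altered the WHERE clause if interpolated into the string.
$inputs = ['2', "1' OR '1'='1"];
foreach ($inputs as $raw) {
    printf("%-16s => %d row(s) updated\n", var_export($raw, true), upgradeAccount($db, $raw));
}

// Show the resulting table state.
foreach ($db->query("SELECT id, type FROM users ORDER BY id") as $row) {
    printf("user %d type %d\n", $row['id'], $row['type']);
}
```

The `mysql_*` functions used in the thread were removed in PHP 7; PDO or mysqli with bound parameters is the replacement.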


      • adamjblakey
        New Member
        • Jan 2008
        • 133

        #4
        Sorry, there is a type there, as I posted an old version of the URL.


        • coolsti
          Contributor
          • Mar 2008
          • 310

          #5
          By the way, here is something that may help you with problems like this.

          When I cannot get PHP run queries to work I debug with the following procedure:

          Firstly, I open a mysql console to the database and try typing in (copy and pasting) the query into the console to see if the query works or if I get some sort of mysql error. Of course I substitute any PHP variables with actual values when I do this.

          Secondly, I add echo statements to my code to find out why things may not be working. You can do an

          echo $query . "<br>";

          to see what the actual query statement is that you are submitting.

          You can also look in the PHP documentation under mysql functions for a function that gives you information on what happened during the query and then echo the output of the function to the page, e.g. using echo statements. This will give you information on any errors, any warning, on how many rows were affected by the query, etc. You will also find out if for some reason you are not connecting to the database properly.

          This should be sufficient for you to debug the problem.

          Steve, Denmark
