doupai1876 2016-08-18 16:25
Views: 33
Accepted

Validate form fields before going to the action link

Okay, so the main reason I need to do this is because I need to pass a session variable to my PayPal IPN through the custom field. (At least that was the only solution that I thought of to pass the variable session to the IPN)

Now, I need to check if no one changes the id to another id using the browser inspect element. So as you can see, I already have my if statement below and it's working if I remove the action link but since the form action is set, it's not going to run the if set statement. So the question is, how can I validate a form field without removing the action link or before going to it?

If this isn't possible, are there any alternatives to do so? (Or at least, is there any other way to pass a session variable to the PayPal IPN without showing the id in the HTML?)

It's been almost 2 days trying to get this to work and nothing...

...
<?php
    if (isset($_POST['submit'])) {
        if ($_POST['custom'] == $_SESSION['id']) {
            header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr'); // This is what I tried but no success. (I did remove the action link when I added this)
        } else {
            header('Refresh: 0');
        }
    }
?>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top"> <!-- I want it to verify first if the $_POST['custom'] is equal to the $_SESSION['id'] before it goes to the PayPal website.-->
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="*********">
<table>
    <tr>
        <td>
            <input type="hidden" name="on0" value="Items">Items
        </td>
    </tr>
    <tr>
        <td>
            <select name="os0">
                <option value="Item1">Item1 $1.00 USD</option>
                <option value="Item2">Item2 $2.00 USD</option>
            </select>
        </td>
    </tr>
</table>
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="custom" value="<?php echo $_SESSION['id']; ?>"/>
<input type="submit" name="submit" value="Buy now" />
</form>
?>
...

1 answer

  • doumu4916 2016-08-18 16:40

    I would recommend sending the form data to another page on your server, which then adds the session information and posts to PayPal. Also, I'm not sure why tables are being used in the form. That doesn't seem necessary.

    User Input Page

    <form action="path/to/submit_page.php" method="post" target="_top"> <!-- I want it to verify first if the $_POST['custom'] is equal to the $_SESSION['id'] before it goes to the PayPal website.-->
    <input type="hidden" name="cmd" value="_s-xclick">
    <input type="hidden" name="hosted_button_id" value="*********">
    <table>
        <tr>
            <td>
                <input type="hidden" name="on0" value="Items">Items
            </td>
        </tr>
        <tr>
            <td>
                <select name="os0">
                    <option value="Item1">Item1 $1.00 USD</option>
                    <option value="Item2">Item2 $2.00 USD</option>
                </select>
            </td>
        </tr>
    </table>
    <input type="hidden" name="currency_code" value="USD">
    <input type="submit" name="submit" value="Buy now" />
    </form>
    

    submit_page.php

    <?php
    
    session_start();
    
    $url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
    
    // Specify everything you need to send here
    $data = array(
        'os0'           => $_POST['os0'],
        'currency_code' => $_POST['currency_code'],
        'custom'        => $_SESSION['id'], // taken from the server-side session, not from the form
        // ... remaining fields
    );
    
    $options = array(
        'http' => array(
            'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
            'method'  => 'POST',
            'content' => http_build_query($data)
        )
    );
    $context  = stream_context_create($options);
    $result = file_get_contents($url, false, $context);
    if ($result === FALSE) { /* Handle error */ }
    
    // Send user to success page
    
    This answer was selected as the best answer by the asker.
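
The question's underlying concern is that the hidden `custom` value can be edited in the browser before the form posts to PayPal. As an added example (not code from this thread), one way to make such an edit detectable is to HMAC-sign the value when the form is rendered and verify it in the IPN handler. `APP_SECRET`, `sign_custom()` and `verify_custom()` are hypothetical names, and a numeric session id is assumed.

```php
<?php
// Added example, not from the original thread. APP_SECRET is a constructed
// placeholder; load the real key from server-side configuration.
const APP_SECRET = 'constructed-demo-key-change-me';

// Build the value for the hidden "custom" field: "<id>.<expiry>.<mac>".
function sign_custom(string $userId, int $ttl = 3600, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $payload = $userId . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, APP_SECRET);
}

// Return the user id if the value is unmodified and unexpired, else null.
function verify_custom(string $custom, ?int $now = null): ?string
{
    $parts = explode('.', $custom);
    if (count($parts) !== 3) {
        return null;
    }
    [$userId, $expires, $mac] = $parts;
    // Assumption: ids are numeric; reject anything else before doing crypto.
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;
    }
    $expected = hash_hmac('sha256', $userId . '.' . $expires, APP_SECRET);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    return ((int) $expires >= ($now ?? time())) ? $userId : null;
}

// Constructed demo values: what the form page would emit for id 42, and the
// same value after the id was changed in the browser's inspector.
$custom = sign_custom('42', 3600, 1700000000);
$edited = preg_replace('/^42\./', '43.', $custom);

var_dump(verify_custom($custom, 1700000100)); // value as issued, within TTL
var_dump(verify_custom($edited, 1700000100)); // id changed, MAC no longer matches
var_dump(verify_custom($custom, 1700009999)); // value as issued, past expiry
```

In the form page the hidden field would carry `sign_custom($_SESSION['id'])`, and the IPN handler would call `verify_custom($_POST['custom'])` after it has validated the IPN message itself with PayPal.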