Okay, so the main reason I need to do this is that I need to pass a session variable to my PayPal IPN through the custom field. (At least that was the only solution I could think of to pass the session variable to the IPN.)
Now, I need to check that no one changes the id to another id using the browser's inspect element. As you can see, I already have my if statement below, and it works if I remove the action link, but since the form action is set, it's not going to run the isset statement. So the question is: how can I validate a form field without removing the action link, or before going to it?
If this isn't possible, are there any alternatives? (Or at least, is there any other way to pass a session variable to the PayPal IPN without showing the id in the HTML?)
It's been almost 2 days trying to get this to work and nothing...
...
<?php
if (isset($_POST['submit'])) {
    if ($_POST['custom'] == $_SESSION['id']) {
        header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr'); // This is what I tried but no success. (I did remove the action link when I added this)
    } else {
        header('Refresh: 0');
    }
}
?>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_top"> <!-- I want it to verify first if the $_POST['custom'] is equal to the $_SESSION['id'] before it goes to the PayPal website.-->
    <input type="hidden" name="cmd" value="_s-xclick">
    <input type="hidden" name="hosted_button_id" value="*********">
    <table>
        <tr>
            <td>
                <input type="hidden" name="on0" value="Items">Items
            </td>
        </tr>
        <tr>
            <td>
                <select name="os0">
                    <option value="Item1">Item1 $1.00 USD</option>
                    <option value="Item2">Item2 $2.00 USD</option>
                </select>
            </td>
        </tr>
    </table>
    <input type="hidden" name="currency_code" value="USD">
    <input type="hidden" name="custom" value="<?php echo $_SESSION['id']; ?>"/>
    <input type="submit" name="submit" value="Buy now" />
</form>
?>
...
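An added example, not part of the original post: because the browser posts the form straight to PayPal, a hidden field cannot be checked on the way out, but the server can make the `custom` value tamper-evident with an HMAC and check it in the IPN handler when PayPal passes `custom` back. `APP_SECRET`, `make_custom_token` and `verify_custom_token` are hypothetical names, and the id is assumed to be alphanumeric.

```php
<?php
// Added example, not the poster's code. APP_SECRET and both function names are
// hypothetical; the session id is assumed to match [A-Za-z0-9_-]+.
declare(strict_types=1);

const APP_SECRET = 'replace-with-a-long-random-server-side-key'; // placeholder

// Build the hidden "custom" value as "<id>.<expiry>.<hmac>".
function make_custom_token(string $id, int $ttl = 3600, ?int $now = null): string
{
    if (!preg_match('/^[A-Za-z0-9_-]+\z/', $id)) {
        throw new InvalidArgumentException('unexpected id format');
    }
    $payload = $id . '.' . (($now ?? time()) + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, APP_SECRET);
}

// In the IPN handler: return the id if $_POST['custom'] is authentic and
// unexpired, otherwise null.
function verify_custom_token(string $token, ?int $now = null): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !preg_match('/^\d+\z/', $parts[1])) {
        return null;
    }
    [$id, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $id . '.' . $expires, APP_SECRET);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    return ((int) $expires >= ($now ?? time())) ? $id : null;
}

// Form side: echo htmlspecialchars(make_custom_token((string) $_SESSION['id']))
// into the hidden "custom" field instead of the bare id.

// Constructed demo values (fixed clock so the run is repeatable).
$token = make_custom_token('42', 3600, 1700000000);
var_dump(verify_custom_token($token, 1700000100));                   // untouched token
var_dump(verify_custom_token('43' . substr($token, 2), 1700000100)); // id edited in the browser
var_dump(verify_custom_token($token, 1700009999));                   // presented after expiry
```

The token check complements the IPN handler's own verification of the notification with PayPal; it does not replace it.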