I'm integrating a PayPal payment method on my website. I got it all running just fine, but I'm stuck at the point where PayPal sends me to my return URL with information about the customer and items purchased.

I get the following structure in the confirmation array:

```
Array
(
    some customer info
    ...
    [L_NAME0] => Frame%20Rojo
    [L_NAME1] => External%20Hard%20Disk
    [L_NUMBER0] => PD1002
    [L_NUMBER1] => PD1003
    [L_QTY0] => 1
    [L_QTY1] => 1
    [L_TAXAMT0] => 0%2e00
    [L_TAXAMT1] => 0%2e00
    [L_AMT0] => 29%2e00
    [L_AMT1] => 100%2e00
    ...
)
```

What I'm interested in is saving the whole item list, quantities and prices to my database so I can later keep track of what's been sent and what hasn't.

My issue here is that, as you can see, PayPal returns to me a set of values that are named "something+n" (L_NUMBER0 and so on), so I can't just set up a table in my database, as I don't know how many items a user would get. I could save it in 2 tables, in a purchase and items_per_purchase like structure, but I still face the issue of parsing that array.

What would be the best way to run through it and see how many items per purchase there are to save?

I thought of some kind of loop that looks like:

```
while(if(isset($_GET['L_NUMBER'.$cont]))) {
    // save to ddbb
    L_NAME.$cont
    L_NUMBER.$cont
    ...
    cont++
}
```

... and increment some counter but I would like to know if there's a better solution.

Dunnow
  • I would recommend taking a look at this [PayPal PHP SDK](https://www.angelleye.com/product/paypal-sdk-php/). Not only does it make the calls a lot quicker and easier for you, but it also parses all of the response data for you, too. – Drew Angell Jan 07 '16 at 22:53

1 Answer

I think your solution is fine, though you don't need an if inside the while test...

```php
$cont = 0;
while (isset($_GET['L_NUMBER' . $cont])) {
    // save to database after assembling array keys as follows...
    // L_NAME . $cont
    // L_NUMBER . $cont
    // etc.

    $cont++; // advance to the next item index
}
```

And you should never trust input from $_GET. I recommend using parameterized queries with PDO.

Patrick Lee
  • The IF thing makes sense now that you say it. I never used isset in a loop up until now, so I didn't even think about already throwing a boolean to break the while by itself. I omitted the escaping thing to keep the thread simple, but thanks for reminding me anyway; anyone who finds this might've gotten confused, and security is always important. I'll wait a few hours to see new replies but will probably end up marking yours as valid, thanks. – Dunnow Jan 07 '16 at 20:50
  • Glad to hear you're already well aware of SQL injection. I feel morally obligated to mention it in questions like this. :) – Patrick Lee Jan 07 '16 at 20:51
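
An added example (not code from the question or the answer) that combines the answer's loop with its PDO advice: it walks the indexed `L_*n` keys, validates every value before use, and inserts through a prepared statement. The `items_per_purchase` columns, the 100-item cap, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
const MAX_ITEMS = 100; // assumed cap so a crafted request cannot drive an unbounded loop

// Collect L_NAMEn / L_NUMBERn / L_QTYn / L_AMTn into validated rows.
function extractItems(array $params): array
{
    $items = [];
    for ($i = 0; $i < MAX_ITEMS && isset($params['L_NUMBER' . $i]); $i++) {
        $row = [];
        foreach (['NAME', 'NUMBER', 'QTY', 'AMT'] as $field) {
            $value = $params["L_{$field}{$i}"] ?? null;
            if (!is_string($value)) { // key missing, or an array sent as ?L_QTY0[]=1
                throw new InvalidArgumentException("L_{$field}{$i} missing or not a string");
            }
            $row[$field] = rawurldecode($value); // the dump shows values still percent-encoded
        }
        if (!preg_match('/^[1-9]\d{0,3}$/', $row['QTY'])
            || !preg_match('/^\d{1,7}\.\d{2}$/', $row['AMT'])) {
            throw new InvalidArgumentException("bad quantity or amount for item $i");
        }
        $items[] = $row;
    }
    return $items;
}

// Values are bound as parameters, never concatenated into the SQL text.
function saveItems(PDO $pdo, int $purchaseId, array $items): void
{
    $stmt = $pdo->prepare('INSERT INTO items_per_purchase
        (purchase_id, name, item_number, qty, amount) VALUES (?, ?, ?, ?, ?)');
    $pdo->beginTransaction();
    try {
        foreach ($items as $it) {
            $stmt->execute([$purchaseId, $it['NAME'], $it['NUMBER'], (int) $it['QTY'], $it['AMT']]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // all items of a purchase are stored, or none
        throw $e;
    }
}

// Constructed sample mirroring the array in the question.
$sample = ['L_NAME0' => 'Frame%20Rojo', 'L_NUMBER0' => 'PD1002', 'L_QTY0' => '1', 'L_AMT0' => '29%2e00',
    'L_NAME1' => 'External%20Hard%20Disk', 'L_NUMBER1' => 'PD1003', 'L_QTY1' => '1', 'L_AMT1' => '100%2e00'];
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE items_per_purchase (purchase_id INT, name TEXT, item_number TEXT, qty INT, amount TEXT)');
saveItems($pdo, 1, extractItems($sample));
print_r($pdo->query('SELECT * FROM items_per_purchase')->fetchAll(PDO::FETCH_ASSOC));
```

If the values have already been decoded once (as PHP does for `$_GET`), drop the `rawurldecode()` call so a literal `%` in a name is not decoded a second time.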