Pay Pal IPN integration


I'm looking at integrating my custom shopping cart to the paypay payment gateway using Instant Payment Notification.

Has anyone got any sample code, I'm using php.

I need a few things clarified that I can't find on the paypal support docs.

Basically, my shopping cart produces an array for each Item (ID, Price, Name etc...)

what is the best way to integrate this with IPN, and what are the minimum variables paypal requires?

Any help is much appreciated.


Who is Participating?
punkstarConnect With a Mentor Commented:
Okay...i am currently building a paypal IPN script for my organisation.  The basic idea behind it is that you need to get the $_POST variables sent by paypal, you send them back to them, and then they tell you the status of the request (wether it was VERIFIED or INVALID.  If the result is VERIFIED, then as far as I can tell, you can count the data as being valid.

So first we need to gather all of the data that was sent, and then send it back to them.

$vars = "cmd=_notify-validate";
$paypal = $_POST;

foreach($_POST as $key => $value)
  $vars .= "&".$key."=".$value;
$port = fsockopen ("", 80, $errno, $errstr, 30);
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n"."Host:\r\n"."Content-Type: application/x-www-form-urlencoded\r\n"."Content-Length: " . strlen($vars) . "\r\n\r\n";

//check that the connection could be made
if(!$port && !$error)
  echo "Problem: Error Number: " . $errno . " Error String: " . $errstr;
  fputs ($port, $header . $vars);
    while (!feof($port))
      $reply = fgets ($port, 1024);
      $reply = trim ($reply);

I got this code, and adapted it from

Then the $reply variable will either be == "VERIFIED" or "INVALID".

you can use this variable to check wether the information that was sent to you is exactly the same as the data the paypal sent you.  You must do this to stop hackers and exploiters sending stray POST's to your script, and then your script would update your database or whatever with the thought that they have paid, but really they have not.

to try and explain that a bit more clearly, anyone can do what paypal does to your script, basically it send a set of variables to you script. if someone else did this, then they could be sending you information that isnt true.  Maybe they sent you the information that one of your clients has paid, when he hasnt.  this can lead to people dodging payments.  so you send the variables to paypal to check them out, if the variables are correct, paypal will verify you, or otherwise invalid it. this response is stored in $result with this script...

It is then important that you check these things (as stated on belahost)

/* Now that IPN was VERIFIED below are a few things which you may want to do at this point.
 1. Check that the "payment_status" variable is: "Completed"
 2. If it is Pending you may want to wait or inform your customer?
 3. You should Check your datebase to ensure this "txn_id" or "subscr_id" is not a duplicate. txn_id is not sent with subscriptions!
 4. Check "payment_gross" or "mc_gross" matches match your prices!
 5. You definately want to check the "receiver_email" or "business" is yours.

I strongly suggest that you download paypal.php on the link i gave you!

Hope this helps man.

DBBAuthor Commented:
Thanks Punkstar,

I'm looking into this and will get back to you (probably for more help!)


No problem...this has been hurting my head too!

I am not a pro at IPN, but once you get the gist (jist?) and have some idea of what you are doing explained on your level, then its all good.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.