PayPal IPN integration

Posted on 2005-05-06
Last Modified: 2013-11-29

I'm looking at integrating my custom shopping cart with the PayPal payment gateway using Instant Payment Notification.

Has anyone got any sample code? I'm using PHP.

I need a few things clarified that I can't find in the PayPal support docs.

Basically, my shopping cart produces an array for each Item (ID, Price, Name etc...)

What is the best way to integrate this with IPN, and what are the minimum variables PayPal requires?

Any help is much appreciated.


Question by:DBB
    LVL 4

    Accepted Solution

    Okay... I am currently building a PayPal IPN script for my organisation.  The basic idea behind it is that you need to get the $_POST variables sent by PayPal, you send them back to them, and then they tell you the status of the request (whether it was VERIFIED or INVALID).  If the result is VERIFIED, then as far as I can tell, you can count the data as being valid.

    So first we need to gather all of the data that was sent, and then send it back to them.

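    // Start the validation request with the command PayPal expects
    $vars = "cmd=_notify-validate";
    $paypal = $_POST;

    // Append every field PayPal posted, URL-encoded so the body survives the round trip
    foreach ($_POST as $key => $value) {
      $vars .= "&" . urlencode($key) . "=" . urlencode($value);
    }

    // The host name is blank in the post; set the PayPal host here and in the Host: header
    $port = fsockopen("", 80, $errno, $errstr, 30);
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n"."Host:\r\n"."Content-Type: application/x-www-form-urlencoded\r\n"."Content-Length: " . strlen($vars) . "\r\n\r\n";

    $reply = "";
    // Check that the connection could be made
    if (!$port) {
      echo "Problem: Error Number: " . $errno . " Error String: " . $errstr;
    } else {
      fputs($port, $header . $vars);
      // Read the whole response; the last non-empty line is the verdict
      while (!feof($port)) {
        $line = trim((string) fgets($port, 1024));
        if ($line !== "") {
          $reply = $line;
        }
      }
      fclose($port);
    }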

    I got this code, and adapted it from

    Then the $reply variable will either be == "VERIFIED" or "INVALID".

    You can use this variable to check whether the information that was sent to you is exactly the same as the data that PayPal sent you.  You must do this to stop hackers and exploiters sending stray POSTs to your script, and then your script would update your database or whatever with the thought that they have paid, but really they have not.

    To try and explain that a bit more clearly, anyone can do what PayPal does to your script; basically it sends a set of variables to your script. If someone else did this, then they could be sending you information that isn't true.  Maybe they sent you the information that one of your clients has paid, when he hasn't.  This can lead to people dodging payments.  So you send the variables to PayPal to check them out; if the variables are correct, PayPal will verify you, or otherwise invalid it. This response is stored in $result with this script...

    It is then important that you check these things (as stated on belahost)

    /* Now that IPN was VERIFIED below are a few things which you may want to do at this point.
     1. Check that the "payment_status" variable is: "Completed"
     2. If it is Pending you may want to wait or inform your customer?
     3. You should check your database to ensure this "txn_id" or "subscr_id" is not a duplicate. txn_id is not sent with subscriptions!
     4. Check "payment_gross" or "mc_gross" matches your prices!
     5. You definitely want to check the "receiver_email" or "business" is yours.
    */

    I strongly suggest that you download paypal.php on the link I gave you!

    Hope this helps man.
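
The five post-VERIFIED checks listed in the answer above, applied to a cart made of per-item arrays as in the question. This is an added example, not part of the original thread or of paypal.php; the function names, the cart layout and every sample value are constructed, and it covers one-off payments that carry a `txn_id` (subscriptions would key on `subscr_id` instead).

```php
<?php
// Added example: checks to run only after PayPal has answered VERIFIED.
// Function names, cart layout and sample values are constructed.

// Convert a decimal amount string such as "24.49" to integer cents.
function to_cents(string $amount): int
{
    return (int) round(((float) $amount) * 100);
}

// Return the reasons not to fulfil the order; an empty list means "mark as paid".
function ipn_problems(array $ipn, array $cart, string $myEmail, array $seenTxnIds): array
{
    $problems = [];
    // 1 and 2: only "Completed" is fulfilled; "Pending" and the rest wait.
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'status';
    }
    // 3: a txn_id already recorded means this notification is a replay.
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) {
        $problems[] = 'duplicate';
    }
    // 4: the paid amount must equal the cart total, compared in whole cents.
    $expected = 0;
    foreach ($cart as $item) {
        $expected += to_cents($item['price']) * $item['qty'];
    }
    if (to_cents($ipn['mc_gross'] ?? '0') !== $expected) {
        $problems[] = 'amount';
    }
    // 5: the money must have gone to our own account.
    if (strcasecmp($ipn['receiver_email'] ?? '', $myEmail) !== 0) {
        $problems[] = 'receiver';
    }
    return $problems;
}

// Constructed sample data
$cart = [['id' => 'A1', 'name' => 'Widget', 'price' => '9.99', 'qty' => 2],
         ['id' => 'B7', 'name' => 'Cable',  'price' => '4.51', 'qty' => 1]];
$ipn = ['payment_status' => 'Completed', 'txn_id' => 'TXN-SAMPLE-0001',
        'mc_gross' => '24.49', 'receiver_email' => 'shop@example.com'];

var_dump(ipn_problems($ipn, $cart, 'shop@example.com', []));
$ipn['mc_gross'] = '0.01'; // underpaid, and the txn_id below is already on record
var_dump(ipn_problems($ipn, $cart, 'shop@example.com', ['TXN-SAMPLE-0001']));
```

In a real handler `$seenTxnIds` would be a database lookup, and the `txn_id` would be recorded in the same transaction that marks the order paid.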

    LVL 2

    Author Comment

    Thanks Punkstar,

    I'm looking into this and will get back to you (probably for more help!)


    LVL 4

    Expert Comment

    No problem...this has been hurting my head too!

    I am not a pro at IPN, but once you get the gist (jist?) and have some idea of what you are doing explained on your level, then it's all good.
