  • Status: Solved
  • Priority: Medium
  • Security: Public

Function Doesn't Work Using For-Loop

The following array is fed via POST to the code snippet attached:
Array ( [test_ipn] => 1 [payment_type] => instant [payment_date] => 15:39:45 Nov. 10, 2008 PST [payment_status] => Completed [payer_status] => verified [first_name] => John [last_name] => Smith [payer_email] => buyer@paypalsandbox.com [payer_id] => TESTBUYERID01 [business] => seller@paypalsandbox.com [receiver_email] => seller@paypalsandbox.com [receiver_id] => TESTSELLERID1 [residence_country] => US [item_name1] => namee [item_number1] => 2 [quantity1] => 1 [tax] => 2.02 [mc_currency] => USD [mc_fee] => 0.44 [mc_gross] => 15.34 [mc_gross1] => 12.34 [mc_handling] => 2.06 [mc_handling1] => 1.67 [mc_shipping] => 3.02 [mc_shipping1] => 1.02 [txn_type] => cart [txn_id] => 4511102339 [notify_version] => 2.4 [custom] => 6 [invoice] => abc1234 [charset] => windows-1252 [verify_sign] => ALT7Oyv1-TflZKVovVDb8olzpdU2AV9r0Ac01kxaBbv3.MNNPeWcYPqM )

The code snippet is supposed to update the database, but it doesn't get updated. Why doesn't the script work?

Note: I even changed the value of $result to "1" for testing purposes, but there is still no functionality.
// Check the transaction type
function txnIPN($data)
{
	if ($_POST['txn_type'] == "cart") {
		return 1;
	} else if ($_POST['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	// Get items
	for ($i=1; $i <= $_POST['num_cart_items'] ; $i++)
	{
	
	// Make the inputs safe from SQL injection hacking
	$id = mysql_real_escape_string($data['item_number{$i}']);
	$amount = mysql_real_escape_string($data['mc_gross_{$i}']);
 
	// Query for the data
	$query = "SELECT * FROM projects WHERE `id_prj` = $id";
	$result1 = insertQuery($query);
 
	// Retrieve the query data and compute
	$row = mysql_fetch_array($result1);
	$paid = $row['paid_prj'] + $amount;
	$due = $row['due_prj'] - $amount;
	$notes = $row['notes_prj'] . "A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
	// Update the database
	$query{$i} = "UPDATE projects SET `paid_prj` = '$paid', `due_prj` = '$due', `notes_prj` = '$notes' WHERE `id_prj` = $id LIMIT 1";
	insertQuery($query{$i});
	}
	
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch ($data['payment_status']) { case "Completed": $status = "1"; break; case "Pending": $status = "2"; break; case "Reversed": $status = "3"; break; case "Refunded": $status = "4"; break; case "Voided": $status = "5"; break; default: $status = ""; }
		
		// Update the database
		$queryx = "INSERT INTO orders (OrderReferenceID, OrderVisitorID, OrderShipping, OrderTax, OrderTotal, OrderDate, OrderShipAddress1, OrderShipCity, OrderShipStateID, OrderShipZip, OrderShipCountryID, OrderStatus) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', $shipzip, '$shipcountryid', '$status')";
		insertQuery($queryx);
		
		// Get items
		for ($i=1; $i <= $_POST['num_cart_items'] ; $i++)
		{
		
		// Make the inputs safe from SQL injection hacking (for the order detail table)
		$detailorderid = mysql_insert_id();
		$detailitemid = mysql_real_escape_string($data['item_number{$i}']);
		$detailitemname = mysql_real_escape_string($data['item_name{$i}']);
		$detailitemdesc = "Payment for " . mysql_real_escape_string($data['item_name{$i}']) . ". ";
		$detailquantity = mysql_real_escape_string($data['quantity{$i}']);
		$detailprice = mysql_real_escape_string($data['mc_gross_{$i}']);
		
		// Update the database (for the order detail table)
		$query{$i} = "INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
		insertQuery($query{$i});
		}
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}

Asked by: EMB01
3 Solutions
 
hieloCommented:
1. If you look at the post array you're passing you will see:
 [txn_type] =>

Basically, txn_type has no value

2. you are calling your function with:
$result = txnIPN($_POST);

so in the function you should be using $data, NOT  $_POST
function txnIPN($data)
{
        if ($data['txn_type'] == "cart") {
                return 1;
        } else if ($data['txn_type'] == "send_money") {
                return 2;
        }
}

your main problem seems to be point #1 above.
 
0
 
Roger BaklundCommented:
PHP will not resolve variables in single quotes, you must use double quotes. Change this:

        $id = mysql_real_escape_string($data['item_number{$i}']);
        $amount = mysql_real_escape_string($data['mc_gross_{$i}']);

...into this:

        $id = mysql_real_escape_string($data["item_number{$i}"]);
        $amount = mysql_real_escape_string($data["mc_gross_{$i}"]);


The same changes must be done in lines 61-65.

In lines 33-34 and 68-69, remove {$i}:

$query = ...
insertQuery($query);
0
 
hieloCommented:
to clarify further, your function is not returning 1 nor 2. So:
if ($result == 1)


will never be  true. If you want to make the function return 1 by default, then use:
function txnIPN($data)
{
        if ($data['txn_type'] == "cart") {
                return 1;
        } else if ($data['txn_type'] == "send_money") {
                return 2;
        }
return 1;
}


0
 
quincydudeCommented:
Have you tried using mysql_query()  instead of insertQuery? (in case you are using mysql)
0
 
EMB01Author Commented:
Thanks for all of your help. I knew there would be several problems with this one. I will review this advice and accept a solution (probably after a question or two). And, to quincydude: Sorry, insertQuery is a function I forgot to add - it has the same effect as mysql_query. Thanks, again!
0
 
EMB01Author Commented:
I fixed these problems but the script still doesn't seem to work.

hielo, txn_type equals "cart." See the below taken from the array:
[txn_type] => cart

cxr, I changed the apostrophes and removed the quotes but it still doesn't work.

Anything else I can do?
0
 
EMB01Author Commented:
Looking at this further, it doesn't look like there's a $_POST['num_cart_items'] from the array. So, how else can I count and retrieve these variables:
[item_name1] => namee [item_number1] => 2 [quantity1] => 1 [tax] => 2.02 [mc_currency] => USD [mc_fee] => 0.44 [mc_gross] => 15.34 [mc_gross1] => 12.34 [mc_handling] => 2.06 [mc_handling1] => 1.67 [mc_shipping] => 3.02 [mc_shipping1] => 1.02

There will be any number of items per order, so I need to count them and there doesn't seem to be a 'num_cart_items' variable assigned from this post for some reason (usually it's assigned from the source I'm dealing with- PayPal) ...
0
 
hieloCommented:
>>Looking at this further, it doesn't look like there's a $_POST['num_cart_items'] from the array. So, how else can I count and retrieve these variables:
Try:
//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item(\d+)#',$v,$match )
		{
			$itemNumbers[]=$match[1][0];
		}
	}
return ($itemNumbers);
}
$cartItems = getItems($_POST);
if( 0==count($cartItems) )
{
	echo "No items submitted";
}
else
{
	foreach($cartItems as $itemId)
	{
		echo $_POST["item{$itemId}"];
	}
}


0
 
EMB01Author Commented:
It returns an internal server error - this is usually the result of a syntax error. I'm using PayPal's IPN simulator. Therefore, I can't see the exact error; but I know the IPN couldn't be sent. Anything else that might work?
0
 
hieloCommented:
remove this:
            if( preg_match('#item(\d+)#',$v,$match )
            {
                  $itemNumbers[]=$match[1][0];
            }

and use this instead (copy and paste):
		if( preg_match('#item(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}


0
 
EMB01Author Commented:
Okay, thanks. The conditional returned "no items." Here's the array from POST:
Array
(
    [test_ipn] => 1
    [payment_type] => instant
    [payment_date] => 09:53:16 Nov. 11, 2008 PST
    [payment_status] => Completed
    [payer_status] => verified
    [first_name] => John
    [last_name] => Smith
    [payer_email] => buyer@paypalsandbox.com
    [payer_id] => TESTBUYERID01
    [business] => seller@paypalsandbox.com
    [receiver_email] => seller@paypalsandbox.com
    [receiver_id] => TESTSELLERID1
    [residence_country] => US
    [item_name1] => something
    [item_number1] => 1
    [quantity1] => 1
    [tax] => 2.02
    [mc_currency] => USD
    [mc_fee] => 0.44
    [mc_gross] => 15.34
    [mc_gross1] => 12.34
    [mc_handling] => 2.06
    [mc_handling1] => 1.67
    [mc_shipping] => 3.02
    [mc_shipping1] => 1.02
    [txn_type] => cart
    [txn_id] => 1611111753
    [notify_version] => 2.4
    [custom] => xyz123
    [invoice] => abc1234
    [charset] => windows-1252
    [verify_sign] => ASLvE5jy.jrbtCkw-qgljVRcP1GCAMURwfWHLcXSVM5D8sZK1pbUNDKC
)
0
 
hieloCommented:
change:
if( preg_match('#item(\d+)#',$v,$match ) )

to:
if( preg_match('#item_name(\d+)#',$v,$match ) )
0
 
EMB01Author Commented:
Now we're getting somewhere. How do I implement that into my current script? I tried a few things already but none of them are working.
0
 
hieloCommented:

//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item_name(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}
	}
return ($itemNumbers);
}
 
// Check the transaction type
function txnIPN($data)
{
	if ($_data['txn_type'] == "cart") {
		return 1;
	} else if ($_data['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	// Get items
	$itemIds = getItems($data);
	if(count($itemIds)==0)
	{
		echo "No items found";
		return;
	}
 
	foreach($itemIds as $i)
	{
	
	// Make the inputs safe from SQL injection hacking
	$id = mysql_real_escape_string($data['item_number{$i}']);
	$amount = mysql_real_escape_string($data['mc_gross_{$i}']);
 
	// Query for the data
	$query = "SELECT * FROM projects WHERE `id_prj` = $id";
	$result1 = insertQuery($query);
 
	// Retrieve the query data and compute
	$row = mysql_fetch_array($result1);
	$paid = $row['paid_prj'] + $amount;
	$due = $row['due_prj'] - $amount;
	$notes = $row['notes_prj'] . "A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
	// Update the database
	$query{$i} = "UPDATE projects SET `paid_prj` = '$paid', `due_prj` = '$due', `notes_prj` = '$notes' WHERE `id_prj` = $id LIMIT 1";
	insertQuery($query{$i});
	}
	
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch ($data['payment_status']) { case "Completed": $status = "1"; break; case "Pending": $status = "2"; break; case "Reversed": $status = "3"; break; case "Refunded": $status = "4"; break; case "Voided": $status = "5"; break; default: $status = ""; }
		
		// Update the database
		$queryx = "INSERT INTO orders (OrderReferenceID, OrderVisitorID, OrderShipping, OrderTax, OrderTotal, OrderDate, OrderShipAddress1, OrderShipCity, OrderShipStateID, OrderShipZip, OrderShipCountryID, OrderStatus) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', $shipzip, '$shipcountryid', '$status')";
		insertQuery($queryx);
		
		// Get items
		for ($i=1; $i <= $_POST['num_cart_items'] ; $i++)
		{
		
		// Make the inputs safe from SQL injection hacking (for the order detail table)
		$detailorderid = mysql_insert_id();
		$detailitemid = mysql_real_escape_string($data['item_number{$i}']);
		$detailitemname = mysql_real_escape_string($data['item_name{$i}']);
		$detailitemdesc = "Payment for " . mysql_real_escape_string($data['item_name{$i}']) . ". ";
		$detailquantity = mysql_real_escape_string($data['quantity{$i}']);
		$detailprice = mysql_real_escape_string($data['mc_gross_{$i}']);
		
		// Update the database (for the order detail table)
		$query{$i} = "INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
		insertQuery($query{$i});
		}
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}


0
 
EMB01Author Commented:
Here's my code; not sure why it won't work (attached) - there are no errors but nothing gets updated yet:

//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item_name(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}
	}
return ($itemNumbers);
}
 
// Check the transaction type
function txnIPN($data)
{
	if ($_data['txn_type'] == "cart") {
		return 1;
	} else if ($_data['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	// Get items
	$itemIds = getItems($data);
	if(count($itemIds)==0)
	{
		echo "No items found";
		return;
	}
 
	foreach($itemIds as $i)
	{
	
	// Make the inputs safe from SQL injection hacking
	$id = mysql_real_escape_string($data['item_number{$i}']);
	$amount = mysql_real_escape_string($data['mc_gross_{$i}']);
 
	// Query for the data
	$query = "SELECT * FROM projects WHERE `id_prj` = $id";
	$result1 = insertQuery($query);
 
	// Retrieve the query data and compute
	$row = mysql_fetch_array($result1);
	$paid = $row['paid_prj'] + $amount;
	$due = $row['due_prj'] - $amount;
	$notes = $row['notes_prj'] . "A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
	// Update the database
	$query{$i} = "UPDATE projects SET `paid_prj` = '$paid', `due_prj` = '$due', `notes_prj` = '$notes' WHERE `id_prj` = $id LIMIT 1";
	insertQuery($query{$i});
	}
	
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch ($data['payment_status']) { case "Completed": $status = "1"; break; case "Pending": $status = "2"; break; case "Reversed": $status = "3"; break; case "Refunded": $status = "4"; break; case "Voided": $status = "5"; break; default: $status = ""; }
		
		// Update the database
		$queryx = "INSERT INTO orders (OrderReferenceID, OrderVisitorID, OrderShipping, OrderTax, OrderTotal, OrderDate, OrderShipAddress1, OrderShipCity, OrderShipStateID, OrderShipZip, OrderShipCountryID, OrderStatus) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', $shipzip, '$shipcountryid', '$status')";
		insertQuery($queryx);
		
		// Get items
		for ($i=1; $i <= $_POST['num_cart_items'] ; $i++)
		{
		
		// Make the inputs safe from SQL injection hacking (for the order detail table)
		$detailorderid = mysql_insert_id();
		$detailitemid = mysql_real_escape_string($data['item_number{$i}']);
		$detailitemname = mysql_real_escape_string($data['item_name{$i}']);
		$detailitemdesc = "Payment for " . mysql_real_escape_string($data['item_name{$i}']) . ". ";
		$detailquantity = mysql_real_escape_string($data['quantity{$i}']);
		$detailprice = mysql_real_escape_string($data['mc_gross_{$i}']);
		
		// Update the database (for the order detail table)
		$query{$i} = "INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
		insertQuery($query{$i});
		}
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}


0
 
hieloCommented:
copy and paste this:
//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item_name(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}
	}
return ($itemNumbers);
}
 
// Check the transaction type
function txnIPN($data)
{
	if ($_data['txn_type'] == "cart") {
		return 1;
	} else if ($_data['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	// Get items
	$itemIds = getItems($data);
	if(count($itemIds)==0)
	{
		echo "No items found";
		return;
	}
 
	foreach($itemIds as $i)
	{
	
		// Make the inputs safe from SQL injection hacking
		$id = mysql_real_escape_string($data["item_number{$i}"]);
		$amount = mysql_real_escape_string($data["mc_gross_{$i}"]);
 
		// Query for the data
		$query = "SELECT * FROM projects WHERE `id_prj` = $id";
		$result1 = insertQuery($query);
 
		// Retrieve the query data and compute
		$row = mysql_fetch_array($result1);
		$paid = $row['paid_prj'] + $amount;
		$due = $row['due_prj'] - $amount;
		$notes = $row['notes_prj'] . "A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
		// Update the database
		$query{$i} = "UPDATE projects SET `paid_prj` = '$paid', `due_prj` = '$due', `notes_prj` = '$notes' WHERE `id_prj` = $id LIMIT 1";
		insertQuery($query{$i});
	}
	
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch ($data['payment_status']) { case "Completed": $status = "1"; break; case "Pending": $status = "2"; break; case "Reversed": $status = "3"; break; case "Refunded": $status = "4"; break; case "Voided": $status = "5"; break; default: $status = ""; }
		
		// Update the database
		$queryx = "INSERT INTO orders (OrderReferenceID, OrderVisitorID, OrderShipping, OrderTax, OrderTotal, OrderDate, OrderShipAddress1, OrderShipCity, OrderShipStateID, OrderShipZip, OrderShipCountryID, OrderStatus) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', $shipzip, '$shipcountryid', '$status')";
		insertQuery($queryx);
		$detailorderid = mysql_insert_id();
		
		// Get items
//		for ($i=1; $i <= $_POST['num_cart_items'] ; $i++)
		foreach($itemIds as $i)
		{
		
		// Make the inputs safe from SQL injection hacking (for the order detail table)
		$detailitemid = mysql_real_escape_string($data["item_number{$i}"]);
		$detailitemname = mysql_real_escape_string($data["item_name{$i}"]);
		$detailitemdesc = "Payment for " . mysql_real_escape_string($data["item_name{$i}"]) . ". ";
		$detailquantity = mysql_real_escape_string($data["quantity{$i}"]);
		$detailprice = mysql_real_escape_string($data["mc_gross_{$i}"]);
		
		// Update the database (for the order detail table)
		$query{$i} = "INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
		insertQuery($query{$i});
		}
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}


0
 
EMB01Author Commented:
My script mirrors yours exactly; however, the database isn't updated.
0
 
hieloCommented:
>> I'm using PayPal's IPN simulator. Therefore, I can't see the exact error
I suggest you set up an alternate environment with the necessary db so you can troubleshoot: => "however, the database isn't updated. " is not useful feedback.

How do you expect me to help you?
0
 
EMB01Author Commented:
Well, good point, but it's the best I've got. I use this to throw back variables and such:
$address = "admin@emarketbuilders.com";
      $subject = "PROCEESS SEND_MONEY";
      $body = "PROCESS SEND_MONEY\n\n ";
      $headers =
            "From: me@mywebsite.com\r\n" .
            "Reply-To: me@mywebsite.com\r\n" .
            "X-Mailer: PHP/" . phpversion();
      mail($address, $subject, $body, $headers);
0
 
hieloCommented:
>>. I use this to throw back variables and such:
OK, then modify the code to "gather" the queries it attempts to execute and have it mail you the queries so you can see if the queries are valid or not. Or at least you will be able to see what is executing and what is not.
0
 
EMB01Author Commented:
I changed this:
// Check the transaction type
function txnIPN($data)
{
      if ($_data['txn_type'] == "cart") {
            return 1;
      } else if ($_data['txn_type'] == "send_money") {
            return 2;
      }
}

To this:
// Check the transaction type
function txnIPN($data)
{
      if ($data['txn_type'] == "cart") {
            return 1;
      } else if ($data['txn_type'] == "send_money") {
            return 2;
      }
}

So, now the following conditional works:
$result = txnIPN($_POST);
if ($result == 1)

Nothing seems to work after this line:
if(count($itemIds)==0)

What could be wrong with that line, do you think?
0
 
EMB01Author Commented:
Scratch that. I'm testing a bit further and it seems that line is fine. Standby!
0
 
hieloCommented:
>>if ($_data ...
>> to
>>if ($data
YES!!! Good catch. My apologies for that! :(
0
 
EMB01Author Commented:
Okay, the query "SELECT * FROM projects WHERE `id_prj` = $id" only reads "SELECT * FROM projects WHERE `id_prj` = " instead of "SELECT * FROM projects WHERE `id_prj` = 1" when executed. When I set it to static (as below), the database still isn't updated so the problem is that the following variables are not being displayed:
$data["item_number{$i}"]
$data["mc_gross_{$i}"]

What can we do to make these display? Thank you.
0
 
hieloCommented:
what is getItems($data) returning? Try:

$itemIds = getItems($data);
$returnedData = implode("; ", $itemIds);

and email yourself the value of $returnedData;

0
 
EMB01Author Commented:
The value of $returnedData is "1."
0
 
hieloCommented:
try:
$id = mysql_real_escape_string( $data["item_number" . $i] );
$amount = mysql_real_escape_string( $data["mc_gross_" . $i] );
0
 
hieloCommented:
alternatively try:
$id = mysql_real_escape_string( $_POST["item_number" . $i] );
$amount = mysql_real_escape_string( $_POST["mc_gross_" . $i] );
0
 
hieloCommented:
I am signing off :(
0
 
EMB01Author Commented:
Hopefully, we can work on this again soon. Anyway, for next time, I was being unclear: The variables are returned, they just aren't displayed in the query. The variable "$data["item_number{$i}"]" exists, but when used in the query it only displays "SELECT * FROM projects WHERE `id_prj` =."
0
 
Roger BaklundCommented:
The code in ID: 22934378 is using single quotes in $data['item_number{$i}'], it should be $data["item_number{$i}"]. The double quotes are essential here!

If you followed hielo's advice and copied his code from ID: 22934546 it should be fixed, though. (I don't know if you did, you replied "My script mirrors yours exactly" indicating you did not see any reason to copy the code?)

Any of the two last suggestions from him (before the signout) should also fix this issue.
0
 
Ray PaseurCommented:
EMB01 - this is exactly the issue I was hoping to help you with in the other post - I have solved this problem myself.  IIRC you said my solution there was too complicated or words to that effect.  Please let me know if you want to try a drop-in solution - I can post the whole script if you're not already satisfied with what you've gotten here. ~Ray
0
 
EMB01Author Commented:
cxr:
The double-quotes are still in effect:
$id = mysql_real_escape_string($data["item_number{$i}"]);
$amount = mysql_real_escape_string($data["mc_gross_{$i}"]);

Ray:
This is obviously not working for me! I would very much appreciate your (way-over-my-head) script, if you would be so kind.
0
 
EMB01Author Commented:
And, just for the record, the only error seems to be this:
The variable ($data["item_number{$i}"]) exists and is equal to 1. However, when combined into the query variable ("SELECT * FROM projects WHERE `id_prj` = $id") the query only outputs this (without the 1 value in the place of $id):
SELECT * FROM projects WHERE `id_prj` =

Attached is the whole part of this code...
// Make the inputs safe from SQL injection hacking
		$id = mysql_real_escape_string($data["item_number{$i}"]);
		$amount = mysql_real_escape_string($data["mc_gross_{$i}"]);
 
// Query for the data
		$query = "SELECT * FROM projects WHERE `id_prj` = $id";


0
 
hieloCommented:
>>And, just for the record, the only error seems to be this:
OK, then try replacing this:


$id = mysql_real_escape_string($data["item_number{$i}"]);
$amount = mysql_real_escape_string($data["mc_gross_{$i}"]);
 
with this:
$id = $data["item_number{$i}"];
$amount = $data["mc_gross_{$i}"];


0
 
EMB01Author Commented:
Good, that does display the value in the query. But, now something even stranger happens! The query gets executed with these variables:
$id = 1;
$amount = 1;

The query does not get executed with these variables (when they, too, are equal to 1):
$id = $data["item_number{$i}"];
$amount = $data["mc_gross_{$i}"];

Probably something about this part is wrong (?):
$query = "SELECT * FROM projects WHERE `id_prj` = $id";
0
 
hieloCommented:
>>Good, that does display the value in the query
OK, then let's ignore the rest of the function for now. It's not going to work as you have it. I'm assuming somewhere in your code you have something similar to:
function db_connect(){
...
$link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
...
}
 
If yes, make sure that $link_id is global. So it should look like this:
 
$link_id=NULL;
function db_connect(){
global $link_id;
...
$link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
...
}
 
 
then function processShoppingCart() should start as follows:
function processShoppingCart($data)
{
global $link_id;
...
}
 
 
AFTER you have done these changes, THEN change this:
$id = $data["item_number{$i}"];
$amount = $data["mc_gross_{$i}"];
 
back to:
$id = mysql_real_escape_string($data["item_number{$i}"]);
$amount = mysql_real_escape_string($data["mc_gross_{$i}"]);
 
and the other queries within that function should be syntactically correct.


0
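
An added example, not part of any post in this thread and not the asker's or any expert's code: the item lookup and project update discussed above, written with PDO prepared statements instead of mysql_real_escape_string(). Escaping alone does not protect a value placed in an unquoted numeric position such as WHERE `id_prj` = $id, and the mysql_* extension was removed in PHP 7. Assumptions: the pdo_sqlite driver is available, the in-memory table and the sample POST array are constructed for the demo, and the function names getCartItems() and applyPayments() are hypothetical.

```php
<?php
// Added example. Table and column names follow the code posted in the thread;
// the database, the sample data and the function names are constructed here.

// Collect line items from an IPN-style array. The key pattern is anchored so
// that only item_name<N> matches, and every value is validated before use.
function getCartItems(array $data): array
{
    $items = [];
    foreach (array_keys($data) as $key) {
        if (!preg_match('/^item_name(\d+)$/', (string) $key, $m)) {
            continue;
        }
        $n = $m[1];
        // The array posted in the thread carries mc_gross1, while the code
        // reads mc_gross_1. Accept either spelling (assumption for the demo).
        $gross  = $data["mc_gross_{$n}"] ?? $data["mc_gross{$n}"] ?? null;
        $number = $data["item_number{$n}"] ?? null;

        // item_number must be a positive integer, the amount a plain decimal.
        $id = filter_var($number, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false || !is_string($gross) || !preg_match('/^\d+(\.\d{1,2})?$/', $gross)) {
            throw new InvalidArgumentException("Item {$n}: invalid item_number or amount");
        }
        $items[] = ['id' => $id, 'amount' => (float) $gross];
    }
    return $items;
}

// Apply each payment with bound parameters, inside one transaction, so a
// failure on any item leaves the table unchanged.
function applyPayments(PDO $db, array $items): int
{
    $select = $db->prepare('SELECT paid_prj, due_prj, notes_prj FROM projects WHERE id_prj = :id');
    $update = $db->prepare(
        'UPDATE projects SET paid_prj = :paid, due_prj = :due, notes_prj = :notes WHERE id_prj = :id'
    );
    $updated = 0;
    $db->beginTransaction();
    try {
        foreach ($items as $item) {
            $select->execute([':id' => $item['id']]);
            $row = $select->fetch(PDO::FETCH_ASSOC);
            $select->closeCursor();
            if ($row === false) {
                throw new RuntimeException("No project with id {$item['id']}");
            }
            $note = 'A payment of $' . number_format($item['amount'], 2)
                  . ' was made on ' . date('Y-m-d H:i') . '. ';
            $update->execute([
                ':paid'  => round($row['paid_prj'] + $item['amount'], 2),
                ':due'   => round($row['due_prj'] - $item['amount'], 2),
                ':notes' => $row['notes_prj'] . $note,
                ':id'    => $item['id'],
            ]);
            $updated += $update->rowCount();
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return $updated;
}

// Constructed test database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (id_prj INTEGER PRIMARY KEY, paid_prj REAL, due_prj REAL, notes_prj TEXT)');
$db->exec("INSERT INTO projects VALUES (1, 0, 100.00, '')");

// Constructed sample, trimmed from the array posted in the thread.
$post = [
    'txn_type'     => 'cart',
    'item_name1'   => 'something',
    'item_number1' => '1',
    'quantity1'    => '1',
    'mc_gross1'    => '12.34',
    'mc_gross'     => '15.34',
];

echo applyPayments($db, getCartItems($post)), " row(s) updated\n";
echo json_encode($db->query('SELECT id_prj, paid_prj, due_prj FROM projects')->fetchAll(PDO::FETCH_ASSOC)), "\n";

// A non-numeric item_number is rejected by validation before any SQL runs.
$post['item_number1'] = '1 OR 1=1';
try {
    getCartItems($post);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```
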
 
EMB01Author Commented:
Here's my db_connect() function:
function db_connect()
{
global $dbhost, $dbusername, $dbuserpassword, $default_dbname;
global $MYSQL_ERRNO, $MYSQL_ERROR;
global $link_id;
$link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
if (!$link_id)
{
$MYSQL_ERRNO = 0;
$MYSQL_ERROR = "Connection failed to the host.";
return 0;
}
else if (empty($dbname) && !mysql_select_db($default_dbname))
{
$MYSQL_ERRNO = mysql_errno();
$MYSQL_ERROR = mysql_error();
return 0;
}
else return $link_id;
}

I followed the other instructions but the database isn't yet updated.
0
 
Ray PaseurCommented:
@EMB: I'll post my PayPal script later today.
0
 
EMB01Author Commented:
Okay, maybe you'd like to explain it a little to me..?
0
 
hieloCommented:
I don't know which of your fields are of type INT, but you need to make sure that if you are inserting values into numeric fields you do NOT put apostrophes around the values. Below is how the code should look now, but you still need to remove the apostrophes from the numeric fields. Also:
"I followed the other instructions but the database isn't yet updated. "

Do you know which is the last query/queries it attempts to execute? Also, when you are emailing yourself the debug information, are you emailing the value of $MYSQL_ERROR and $MYSQL_ERRNO? It may help you track the problem.
<?php
$link_id=NULL;
 
function db_connect()
{
	global $dbhost, $dbusername, $dbuserpassword, $default_dbname;
	global $MYSQL_ERRNO, $MYSQL_ERROR;
	global $link_id;
	$link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
	if (!$link_id)
	{
		$MYSQL_ERRNO = 0;
		$MYSQL_ERROR = "Connection failed to the host.";
	return 0;
	}
	else if (empty($dbname) && !mysql_select_db($default_dbname))
	{
		$MYSQL_ERRNO = mysql_errno();
		$MYSQL_ERROR = mysql_error();
	return 0;
	} 
	else
		return $link_id;
}
 
//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item_name(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}
	}
return ($itemNumbers);
}
 
// Check the transaction type
function txnIPN($data)
{
	if ($data['txn_type'] == "cart") {
		return 1;
	} else if ($data['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	global $link_id;
 
	// Get items
	$itemIds = getItems($data);
	if(count($itemIds)==0)
	{
		echo "No items found";
		return;
	}
 
	foreach($itemIds as $i)
	{
	
		// Make the inputs safe from SQL injection hacking
		$id = mysql_real_escape_string($data["item_number{$i}"]);
		$amount = mysql_real_escape_string($data["mc_gross_{$i}"]);
 
		// Query for the data
		$query = "SELECT * FROM projects WHERE `id_prj` = $id";
		$result1 = insertQuery($query);
 
		// Retrieve the query data and compute
		$row = mysql_fetch_array($result1);
		$paid = $row['paid_prj'] + $amount;
		$due = $row['due_prj'] - $amount;
		$notes = $row['notes_prj'] . "A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
		// Update the database
		$query = "UPDATE projects SET `paid_prj` = '$paid', `due_prj` = '$due', `notes_prj` = '$notes' WHERE `id_prj` = $id LIMIT 1";
		insertQuery($query);
	}
	
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch( strtolower($data['payment_status']) )
		{ 
			case "completed": $status = "1"; break; 
			case "pending": $status = "2"; break; 
			case "reversed": $status = "3"; break; 
			case "refunded": $status = "4"; break; 
			case "voided": $status = "5"; break; 
			default: $status = ""; //should this be ZERO or perhaps NULL?
		}
		
		// Update the database
		$queryx = "INSERT INTO orders (OrderReferenceID, OrderVisitorID, OrderShipping, OrderTax, OrderTotal, OrderDate, OrderShipAddress1, OrderShipCity, OrderShipStateID, OrderShipZip, OrderShipCountryID, OrderStatus) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', $shipzip, '$shipcountryid', '$status')";
		insertQuery($queryx);
		$detailorderid = mysql_insert_id();
		
		// Get items
//		for ($i=1; $i <= $_POST['num_cart_items'] ; $i++)
		foreach($itemIds as $i)
		{
		
		// Make the inputs safe from SQL injection hacking (for the order detail table)
		$detailitemid = mysql_real_escape_string($data["item_number{$i}"]);
		$detailitemname = mysql_real_escape_string($data["item_name{$i}"]);
		$detailitemdesc = "Payment for " . mysql_real_escape_string($data["item_name{$i}"]) . ". ";
		$detailquantity = mysql_real_escape_string($data["quantity{$i}"]);
		$detailprice = mysql_real_escape_string($data["mc_gross_{$i}"]);
		
		// Update the database (for the order detail table)
		$query{$i} = "INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
		insertQuery($query{$i});
		}
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}
?>


0
 
Ray Paseur Commented:
This is the PayPal IPN script that I use. Order data is processed near line 140.  I didn't include my proprietary code there -- you will know what you want to do with your information, and it won't be the same as my processing.

I hope the code and comments are helpful.

Best of luck with your project, ~Ray
<?php // paypal_ipn.php - custom PayPal IPN processor
 
// LOCAL VARIABLES AND FUNCTIONS...
// $db_connection CONTAINS A VALID DB CONNECTION
// warning_RAY() SENDS AN EMAIL TO THE AUTHOR
// fatal_query_error() HANDLES MySQL FAILURES
require_once('_config.php');
 
// READ THE POST FROM PayPal AND ADD 'cmd'
$postdata	= '';
$req		= 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
	$postdata	.= "\n $key = $value ";			// SAVE THE COLLECTION FOR LATER USE
	$$key		= trim(stripslashes($value));		// ASSIGN LOCAL VARIABLES
	$value		= urlencode(stripslashes($value));	// ENCODE FOR BOUNCE-BACK
	$req		.= "&$key=$value";			// APPEND TO THE BOUNCE-BACK
}
 
// POST BACK TO PayPal SYSTEM TO VALIDATE
$header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
 
 
// TEST FOR VERIFICATION
if (!$fp) { // HTTP ERROR
	warning_RAY("IPN HTTP ERROR", "fsockopen failed \n\n ERRNO=$errno \n\n ERRSTR=$errstr \n\n");
	die();
}
 
// HTTP OPEN - WRITE HEADER AND REQUEST
fputs ($fp, $header . $req);
 
// HTTP OPEN - READ PayPal RESPONSE, DISCARDING HEADERS TO THE VERY END
$paypal_reply 	= '';
$paypal_headers	= '';
while (!feof($fp)) {
	$paypal_reply	= fgets ($fp, 1024);
	$paypal_headers	.= $paypal_reply;
}
fclose ($fp);
 
// IF THIS IS TRULY A POST FROM PAYPAL, PROCESS ORDER NOTIFICATION
if (strcmp ($paypal_reply, "VERIFIED") == 0) {
 
// TEST FOR INCOMPLETE PAYMENT STATUS - COULD BE E-CHECK
	$errormsg = "";
	if ($payment_status != "Completed") { $errormsg .= "\nE: payment_status"; }
 
// TEST FOR WRONG PAY-TO ADDRESS (LESS OF A RISK WITH NEW 2008 STORED BUTTONS)
	$receiver_email = strtolower($receiver_email);
	if ($receiver_email != "you@your.org") { $errormsg .= "\nE: receiver_email"; }
 
// TEST FOR PAYMENT IN US CURRENCY
	if ($mc_currency != 'USD') { $errormsg .= "\nE: mc_currency"; }
 
// CHECK FOR TXN_ID ALREADY PROCESSED
	$sql = "SELECT * FROM PAYPAL_ORDER_LOG WHERE txn_id = \"" . mysql_real_escape_string($txn_id, $db_connection) . "\" "; // ESCAPE BEFORE USE IN THE QUERY
	if (!$result = mysql_query($sql, $db_connection)) { fatal_query_error($sql); }
	$num_rows = mysql_num_rows($result);
	if ($num_rows  > 0) { $errormsg .= "\nE: Transaction id $txn_id already processed $num_rows time(s)"; }
 
// LOG THE TRANSACTION
	$order_date	= date('Y-m-d\TH:i:s');
	$item_number	= mysql_real_escape_string($item_number, $db_connection);
	$mc_gross 	= mysql_real_escape_string($mc_gross,    $db_connection);
	$address_zip	= mysql_real_escape_string($address_zip, $db_connection);
	$txn_id 	= mysql_real_escape_string($txn_id,      $db_connection);
	$receipt_id	= mysql_real_escape_string($receipt_id,  $db_connection);
	$last_name	= mysql_real_escape_string($last_name,   $db_connection);
	$payer_email	= mysql_real_escape_string($payer_email, $db_connection);
	$postdata	= mysql_real_escape_string($postdata,    $db_connection);
	$sql = "INSERT INTO PAYPAL_ORDER_LOG (    order_date,      item_number,      mc_gross,      address_zip,      txn_id,      receipt_id,      last_name,      payer_email,      postdata)
			VALUES		 (     \"$order_date\", \"$item_number\", \"$mc_gross\", \"$address_zip\", \"$txn_id\", \"$receipt_id\", \"$last_name\", \"$payer_email\", \"$postdata\")";
	if (!$result = mysql_query($sql, $db_connection)) { fatal_query_error($sql); }
 
// ISSUE A MESSAGE TO THE HOME OFFICE FOR EACH ORDER
	warning_RAY("IPN VERIFIED", "IPN REPLY $paypal_headers \n\n$errormsg \n\nPOST DATA FOLLOWS: $postdata \n\n");
 
// CAPTURE OUTPUT BUFFER SO WE CAN LOOK AT THE TRANSACTION DETAILS
	ob_start(); 
 
// TRANSACTION DETAIL FIELDS
	$w_item_number	= array();
	$w_quantity	= array();
	$w_mc_gross	= array();
	$w_item_name	= array();
 
// IF TRANSACTION TYPE IS CART, MAY BE MULTIPLE ITEMS IN DIFFERENT QUANTITIES
// THIS SEGMENT MAKES ARRAYS FROM THE PayPal VARIABLES
// NO POSITION ZERO IN THESE ARRAYS
	if ($txn_type == "cart") {
		while ($num_cart_items > 0) {
			$proxy	= "item_number" . "$num_cart_items";
			$w_item_number[$num_cart_items] = $$proxy;
 
			$proxy	= "quantity" . "$num_cart_items";
			$w_quantity[$num_cart_items] = $$proxy;
 
			$proxy	= "mc_gross_" . "$num_cart_items";
			$w_mc_gross[$num_cart_items] = $$proxy;
 
			$proxy	= "item_name" . "$num_cart_items";
			$w_item_name[$num_cart_items] = $$proxy;
 
			$num_cart_items--;
		}
 
	} else {
 
// NOT A CART - SINGLETON ITEM ONLY - NORMALIZE INTO ARRAY SO ALL PROCESSING IS CONSISTENT
// NO POSITION ZERO IN THESE ARRAYS
		$w_item_number[1]	= $item_number;
		$w_quantity[1]		= $quantity;
		$w_mc_gross[1]		= $mc_gross;
		$w_item_name[1]		= $item_name;
	}
 
 
// THIS IS JUST DEBUGGING CODE - ELIMINATE IN PRODUCTION
// DUMP THE ARRAYS SO WE CAN SEE WHAT IS IN THERE
	echo "\nDETAIL ARRAYS\n";
	var_dump($w_item_number);
	var_dump($w_quantity);
	var_dump($w_mc_gross);
	var_dump($w_item_name);
	echo "\nEND ARRAYS\n";
 
 
 
// ITERATE OVER THE ARRAYS
	$kount = 0; // NO POSITION ZERO IN THESE ARRAYS
	while ($kount < count($w_item_number)) {
		$kount++; // BUMP BEFORE WORKING
		$my_item_number	= $w_item_number[$kount];
		$my_quantity	= $w_quantity[$kount];
		$my_mc_gross	= $w_mc_gross[$kount];
		$my_item_name	= $w_item_name[$kount];
 
//
//
// HERE - PROCESS THE INSTANT PAYMENT NOTIFICATIONS AS NEEDED BY YOUR BUSINESS LOGIC
// THE ITERATOR HAS PUT THE CURRENT SET OF VALUES INTO THESE VARIABLES
// $my_item_number, $my_quantity, $my_mc_gross, and $my_item_name
//
//
//
 
	} // END ITERATION
 
// GRAB THE BUFFER AND SEND IT TO THE AUTHOR
	$foo	= ob_get_contents();
	ob_end_clean();
	warning_RAY("IPN VARDUMPS", "$foo \n\n");
 
// END OF NORMAL PROCESSING
	die();
}
 
// LOG INVALID POSTS FOR MANUAL INVESTIGATION AND INTERVENTION
if (strcmp ($paypal_reply, "INVALID") == 0) {
	warning_RAY("IPN INVALID", "IPN REPLY $paypal_headers \n\n$errormsg \n\nPOST DATA FOLLOWS: $postdata \n\n");
	die();
}
 
// OTHERWISE, PayPal RETURNED BAD DATA (OR INTERNET HTTP ERRORS OR TIMEOUT)
warning_RAY("IPN REPLY UNKNOWN", "IPN REPLY $paypal_headers \n\n$errormsg \n\nPOST DATA FOLLOWS: $postdata \n\n");
die();
 
?>


0
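The script above copies every POST key into a local variable (`$$key`) before PayPal has replied, so the sender decides which variables exist. As an added example (not Ray's code; the function names, the field allowlist and the txn_id pattern are assumptions), the same acceptance checks can read an allowlisted array instead:

```php
<?php
// Added example, not Ray's script. Function names, the field allowlist, the
// txn_id pattern and all sample values are assumptions for illustration.

// The only fields this handler reads. Other POST keys are never turned into
// variables; they are only echoed back to PayPal in the validation body.
const IPN_FIELDS = ['payment_status', 'receiver_email', 'mc_currency',
                    'mc_gross', 'txn_id', 'txn_type'];

// Postback body: cmd=_notify-validate followed by every field as received.
function ipnValidateBody(array $post): string
{
    $req = 'cmd=_notify-validate';
    foreach ($post as $key => $value) {
        if (is_string($value)) {
            $req .= '&' . urlencode((string)$key) . '=' . urlencode($value);
        }
    }
    return $req;
}

// Copy allowlisted string fields into an array; missing ones become ''.
function ipnFields(array $post): array
{
    $out = [];
    foreach (IPN_FIELDS as $name) {
        $ok = isset($post[$name]) && is_string($post[$name]);
        $out[$name] = $ok ? trim($post[$name]) : '';
    }
    return $out;
}

// The same checks as the script, returned as a list. Empty list means accept.
// $alreadySeen is a callback that looks the txn_id up in the order log.
function ipnProblems(string $reply, array $f, string $receiver, callable $alreadySeen): array
{
    if (trim($reply) !== 'VERIFIED') {
        return ['postback reply was not VERIFIED'];
    }
    $problems = [];
    if ($f['payment_status'] !== 'Completed') {
        $problems[] = 'payment_status';
    }
    if (strtolower($f['receiver_email']) !== strtolower($receiver)) {
        $problems[] = 'receiver_email';
    }
    if ($f['mc_currency'] !== 'USD') {
        $problems[] = 'mc_currency';
    }
    if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $f['txn_id'])) {
        $problems[] = 'txn_id format';
    } elseif ($alreadySeen($f['txn_id'])) {
        $problems[] = 'txn_id already processed';
    }
    return $problems;
}

// Constructed POST. The last two keys are not IPN fields; ipnFields() ignores them.
$post = [
    'payment_status' => 'Completed',
    'receiver_email' => 'Seller@PayPalSandbox.com',
    'mc_currency'    => 'USD',
    'mc_gross'       => '15.34',
    'txn_id'         => '4511102339',
    'txn_type'       => 'cart',
    'db_connection'  => 'x',
    'errormsg'       => 'x',
];
$seen   = ['4511102339' => true]; // constructed stand-in for the order log
$lookup = function (string $id) use ($seen): bool { return isset($seen[$id]); };

echo ipnValidateBody($post), "\n";
print_r(ipnFields($post));
print_r(ipnProblems("VERIFIED\r\n", ipnFields($post), 'seller@paypalsandbox.com', $lookup));
print_r(ipnProblems('INVALID', ipnFields($post), 'seller@paypalsandbox.com', $lookup));
```

Sending the body to PayPal is left out so the example runs offline; the reply string is passed in as a parameter.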
 
EMB01 Author Commented:
Well; hielo, I can't figure it out - the variables for the query are there, there is a valid connection, and there are no MySQL errors (I checked since your last recommendation) but there is still no updating... I'm going to try to use Ray's script (thanks, Ray!) but I really would like to get this one working as I don't fully understand Ray's and I would prefer to use a script that I know how it works. Any more ideas, anyone?
0
 
Roger Baklund Commented:
An old error has snuck back into the last script from hielo (ID: 22952321):

function txnIPN($data)
{
      if ($_data['txn_type'] == "cart") {
            return 1;
      } else if ($_data['txn_type'] == "send_money") {
            return 2;
      }
}


Remove the underscore in $_data, it should be just $data:
function txnIPN($data)
{
	if ($data['txn_type'] == "cart") {
		return 1;
	} else if ($data['txn_type'] == "send_money") {
		return 2;
	}
}


0
 
hielo Commented:
>>An old error has snuck back into the last script from hielo (ID: 22952321):
Good catch!
0
 
hielo Commented:
For convenience (in case we need to do more copy and paste)
<?php
$link_id=NULL;
 
function db_connect()
{
	global $dbhost, $dbusername, $dbuserpassword, $default_dbname;
	global $MYSQL_ERRNO, $MYSQL_ERROR;
	global $link_id;
	$link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
	if (!$link_id)
	{
		$MYSQL_ERRNO = 0;
		$MYSQL_ERROR = "Connection failed to the host.";
	return 0;
	}
	else if (empty($dbname) && !mysql_select_db($default_dbname))
	{
		$MYSQL_ERRNO = mysql_errno();
		$MYSQL_ERROR = mysql_error();
	return 0;
	} 
	else
		return $link_id;
}
 
//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item_name(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}
	}
return ($itemNumbers);
}
 
// Check the transaction type
function txnIPN($data)
{
	if ($data['txn_type'] == "cart") {
		return 1;
	} else if ($data['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	global $link_id;
 
	// Get items
	$itemIds = getItems($data);
	if(count($itemIds)==0)
	{
		echo "No items found";
		return;
	}
 
	foreach($itemIds as $i)
	{
	
		// Make the inputs safe from SQL injection hacking
		$id = mysql_real_escape_string($data["item_number{$i}"]);
		$amount = mysql_real_escape_string($data["mc_gross_{$i}"]);
 
		// Query for the data
		$query = "SELECT * FROM projects WHERE `id_prj` = $id";
		$result1 = insertQuery($query);
 
		// Retrieve the query data and compute
		$row = mysql_fetch_array($result1);
		$paid = $row['paid_prj'] + $amount;
		$due = $row['due_prj'] - $amount;
		$notes = $row['notes_prj'] . "A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
		// Update the database
		$query = "UPDATE projects SET `paid_prj` = '$paid', `due_prj` = '$due', `notes_prj` = '$notes' WHERE `id_prj` = $id LIMIT 1";
		insertQuery($query);
	}
	
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch( strtolower($data['payment_status']) )
		{ 
			case "completed": $status = "1"; break; 
			case "pending": $status = "2"; break; 
			case "reversed": $status = "3"; break; 
			case "refunded": $status = "4"; break; 
			case "voided": $status = "5"; break; 
			default: $status = ""; //should this be ZERO or perhaps NULL?
		}
		
		// Update the database
		$queryx = "INSERT INTO orders (OrderReferenceID, OrderVisitorID, OrderShipping, OrderTax, OrderTotal, OrderDate, OrderShipAddress1, OrderShipCity, OrderShipStateID, OrderShipZip, OrderShipCountryID, OrderStatus) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', $shipzip, '$shipcountryid', '$status')";
		insertQuery($queryx);
		$detailorderid = mysql_insert_id();
		
		// Get items
//		for ($i=1; $i <= $_POST['num_cart_items'] ; $i++)
		foreach($itemIds as $i)
		{
		
		// Make the inputs safe from SQL injection hacking (for the order detail table)
		$detailitemid = mysql_real_escape_string($data["item_number{$i}"]);
		$detailitemname = mysql_real_escape_string($data["item_name{$i}"]);
		$detailitemdesc = "Payment for " . mysql_real_escape_string($data["item_name{$i}"]) . ". ";
		$detailquantity = mysql_real_escape_string($data["quantity{$i}"]);
		$detailprice = mysql_real_escape_string($data["mc_gross_{$i}"]);
		
		// Update the database (for the order detail table)
		$query{$i} = "INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
		insertQuery($query{$i});
		}
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}
?> 


0
 
Ray Paseur Commented:
Looking at the code snippet in post #  22952321 it looks like the function db_connect() is defined, but never called.

Try making this change near line 75 and if the script dies, try using the db_connect() function.

If you wanted a little more sophisticated error handling you could inspect mysql_error()
// OLD CODE
		$result1 = insertQuery($query);
 
// SUGGESTED CODE
		if (!$result1 = insertQuery($query)) { die('QUERY ERROR'); }


0
 
Roger Baklund Commented:
I'm almost afraid to ask, but... is db_connect() ever called?
0
 
hielo Commented:
>>Looking at the code snippet in post #  22952321 it looks like the function db_connect() is defined, but never called.
>>I'm almost afraid to ask, but... is db_connect() ever called?
LOL. From what he has done in the past, most likely he still (INCORRECTLY) has:


// MySQL query operations
function insertQuery($query)
{
	$link_id = db_connect();
	$messages = mysql_query($query, $link_id) or die(mysql_error());
	return $messages;
}
 
INSTEAD OF:
// MySQL query operations
function insertQuery($query)
{
 global $link_id;
         if( !$link_id ){
	  $link_id = db_connect();
         }
	$messages = mysql_query($query, $link_id) or die(mysql_error());
	return $messages;
}


0
 
EMB01 Author Commented:
Go ahead, guys... Laugh it up! Three points I would like to make followed by a brief question:
- The code you posted is quite similar to what I have
- The code may be incorrect but it does work
- I got the code from a recently published book

Question... Does anyone have a solution yet to the outstanding problem:
The query gets successfully executed with these variables:
$id = 1;
$amount = 1;

The query is unsuccessful with these variables (even though they, too, are equal to 1):
$id = $data["item_number{$i}"];
$amount = $data["mc_gross_{$i}"];

In the meantime I'll try to implement the code generously provided by Ray. Thank you.
0
 
EMB01 Author Commented:
A final point:
These variables do exist and can be returned via the $query - they just don't get executed...
$id = $data["item_number{$i}"];
$amount = $data["mc_gross_{$i}"];
0
 
hielo Commented:
Try changing:
$id = $data["item_number{$i}"];
$amount = $data["mc_gross_{$i}"];

to:
$id = (int)$data["item_number{$i}"];
$amount = (int)$data["mc_gross_{$i}"];
0
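An `(int)` cast makes the value safe to place unquoted in SQL, but it also turns an `mc_gross` of `12.34` into `12`. As an added example (not code from the thread), the sketch below validates the id and the decimal amount, accepts both key spellings that appear on this page (`mc_gross1` and `mc_gross_1`), and updates the row with a prepared statement. The helper names are hypothetical, and an in-memory SQLite database reached through PDO (the `pdo_sqlite` extension is assumed) stands in for the MySQL `projects` table.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the posted script; the SQLite in-memory database and the sample POST are
// constructed stand-ins.

// Cart line numbers present in the POST, accepting item_name1 and item_name_1.
function cartLines(array $post): array
{
    $lines = [];
    foreach (array_keys($post) as $key) {
        // Anchored at both ends so only real item_name keys match.
        if (preg_match('/^item_name_?(\d{1,3})$/', (string)$key, $m)) {
            $lines[(int)$m[1]] = true;
        }
    }
    ksort($lines);
    return array_keys($lines);
}

// Fetch a per-line field under either spelling, or null when it is absent.
function lineField(array $post, string $name, int $n): ?string
{
    foreach (["{$name}_{$n}", "{$name}{$n}"] as $key) {
        if (isset($post[$key]) && is_string($post[$key])) {
            return trim($post[$key]);
        }
    }
    return null;
}

// Apply each cart line to its project row; returns one status per line.
function applyCartPayments(PDO $db, array $post): array
{
    // One atomic UPDATE replaces the SELECT-then-UPDATE pair, and the values
    // travel as bound parameters instead of being pasted into the SQL text.
    $update = $db->prepare(
        'UPDATE projects SET paid_prj = paid_prj + :paid, due_prj = due_prj - :due
         WHERE id_prj = :id'
    );
    $log = [];
    foreach (cartLines($post) as $n) {
        $id  = lineField($post, 'item_number', $n);
        $amt = lineField($post, 'mc_gross', $n);
        if ($id === null || !preg_match('/^\d{1,9}$/', $id)) {
            $log[$n] = 'rejected: item_number';
            continue;
        }
        // Digits with an optional two-place fraction; the cents are kept.
        if ($amt === null || !preg_match('/^\d{1,7}(\.\d{1,2})?$/', $amt)) {
            $log[$n] = 'rejected: mc_gross';
            continue;
        }
        $update->execute([':paid' => $amt, ':due' => $amt, ':id' => (int)$id]);
        $log[$n] = $update->rowCount() === 1
            ? "project $id credited $amt"
            : "no project with id $id";
    }
    return $log;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (id_prj INTEGER PRIMARY KEY, paid_prj NUMERIC, due_prj NUMERIC)');
$db->exec('INSERT INTO projects VALUES (2, 0, 100.00)');

// Constructed POST: line 1 uses the spelling without the underscore,
// line 2 carries an item_number that is not a plain integer,
// line 3 names a project that does not exist.
$post = [
    'txn_type'      => 'cart',
    'item_name1'    => 'namee', 'item_number1'  => '2',        'mc_gross1'  => '12.34',
    'item_name_2'   => 'other', 'item_number_2' => '2 OR 1=1', 'mc_gross_2' => '5.00',
    'item_name_3'   => 'third', 'item_number_3' => '7',        'mc_gross_3' => '1.00',
];

print_r(applyCartPayments($db, $post));
print_r($db->query('SELECT * FROM projects')->fetchAll(PDO::FETCH_ASSOC));
```

The same `prepare()` and `execute()` calls work with PDO's MySQL driver; only the connection string changes.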
 
Ray Paseur Commented:
@EMB01: Whenever you have a chance, please post the latest version of the code you're trying.  If there are local functions, etc. please post those, too.  We may want you to do some var_dump() commands so we can look at the data you're working with.  Thanks, ~Ray
0
 
EMB01 Author Commented:
hielo, I tried that but it didn't work either. The entire code has been attached. Thanks for your help.
// SQL error reporting
function sql_error()
{
global $MYSQL_ERRNO, $MYSQL_ERROR;
if(empty($MYSQL_ERROR))
{
$MYSQL_ERRNO = mysql_errno();
$MYSQL_ERROR = mysql_error();
}
return "$MYSQL_ERRNO: $MYSQL_ERROR";
}
 
// Connect to database function...
function db_connect()
{
global $dbhost, $dbusername, $dbuserpassword, $default_dbname;
global $MYSQL_ERRNO, $MYSQL_ERROR;
global $link_id;
$link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
if (!$link_id)
{
$MYSQL_ERRNO = 0;
$MYSQL_ERROR = "Connection failed to the host.";
return 0;
}
else if (empty($dbname) && !mysql_select_db($default_dbname))
{
$MYSQL_ERRNO = mysql_errno();
$MYSQL_ERROR = mysql_error();
return 0;
} 
else return $link_id;
}
 
// MySQL query operations
function insertQuery($query)
{
	$link_id = db_connect();
	$messages = mysql_query($query, $link_id) or die(mysql_error());
	return $messages;
}
 
// Row count function
function rowCount($query)
{
	$link_id = db_connect();
	$result = mysql_query($query);
	$rowCount = mysql_num_rows($result);
	return $rowCount;
}
 
//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item_name(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}
	}
return ($itemNumbers);
}
 
// Check the transaction type
function txnIPN($data)
{
	if ($data['txn_type'] == "cart") {
		return 1;
	} else if ($data['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	global $link_id;
 
	// Get items
	$itemIds = getItems($data);
	if(count($itemIds)==0)
	{
		echo "No items found";
		return;
	}
 
	foreach($itemIds as $i)
	{
		// Make the inputs safe from SQL injection hacking
		$id = (int)$data["item_number{$i}"];
		$amount = (int)$data["mc_gross_{$i}"];
 
		// Query for the data
		$query = "SELECT * FROM projects WHERE `id_prj` = $id";
		$result1 = insertQuery($query);
		$address = "admin@emarketbuilders.com";
		$subject = $query;
		$body = "Mysql error: " . $MYSQL_ERROR;
		$headers = 
			"From: admin@emarketbuilders.com\r\n" . 
			"Reply-To: admin@emarketbuilders.com\r\n" . 
			"X-Mailer: PHP/" . phpversion();
		mail($address, $subject, $body, $headers);
 
		// Retrieve the query data and compute
		$row = mysql_fetch_array($result1);
		$paid = $row['paid_prj'] + $amount;
		$due = $row['due_prj'] - $amount;
		$notes = $row['notes_prj'] . "A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
		// Update the database
		$query = "UPDATE projects SET `paid_prj` = '$paid', `due_prj` = '$due', `notes_prj` = '$notes' WHERE `id_prj` = $id LIMIT 1";
		insertQuery($query);
	}
	
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch ($data['payment_status']) { case "Completed": $status = "1"; break; case "Pending": $status = "2"; break; case "Reversed": $status = "3"; break; case "Refunded": $status = "4"; break; case "Voided": $status = "5"; break; default: $status = ""; }
		
		// Update the database
		$queryx = "INSERT INTO orders (OrderReferenceID, OrderVisitorID, OrderShipping, OrderTax, OrderTotal, OrderDate, OrderShipAddress1, OrderShipCity, OrderShipStateID, OrderShipZip, OrderShipCountryID, OrderStatus) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', $shipzip, '$shipcountryid', '$status')";
		insertQuery($queryx);
		$detailorderid = mysql_insert_id();
		
		// Get items
//		for ($i=1; $i <= $_POST['num_cart_items'] ; $i++)
		foreach($itemIds as $i)
		{
		
		// Make the inputs safe from SQL injection hacking (for the order detail table)
		$detailitemid = mysql_real_escape_string($data["item_number{$i}"]);
		$detailitemname = mysql_real_escape_string($data["item_name{$i}"]);
		$detailitemdesc = "Payment for " . mysql_real_escape_string($data["item_name{$i}"]) . ". ";
		$detailquantity = mysql_real_escape_string($data["quantity{$i}"]);
		$detailprice = mysql_real_escape_string($data["mc_gross_{$i}"]);
		
		// Update the database (for the order detail table)
		$query{$i} = "INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
		insertQuery($query{$i});
		}
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}


0
 
Roger Baklund Commented:
Lines 38 and 46...

You are connecting to the database multiple times. Replace these two lines with

global $link_id;

...and call db_connect() just once, for instance after line 162:

      // Process cart
        if(!db_connect()) die('Could not connect to database');
      processShoppingCart($_POST);
      exit();


Line 26...

What is $dbname? I think this line should read:

else if (empty($default_dbname) or !mysql_select_db($default_dbname))
0
 
Ray Paseur Commented:
EMB01: Suggest you backorder this very good book right now.  Some of the code you have posted above evinces basic misunderstandings about how PHP and MySQL operate, and you're setting yourself up for a catastrophe.

http://www.sitepoint.com/books/phpmysql1/

We can answer questions and suggest approaches, but EE is not a good learning resource when you have knowledge gaps about the basic principles - there are books, classes, tutorials for that.

In this case, if your time is valuable to you, you might want to hire a programmer with PayPal experience.  They have a robust developer group.

Good luck with your project, ~Ray
0
 
hielo Commented:
copy and paste:
// SQL error reporting
function sql_error($verbose=FALSE)
{
	global $MYSQL_ERRNO, $MYSQL_ERROR;
	if( empty($MYSQL_ERROR) )
	{
		if( $verbose)
			return "No Errors Found";
		else
			return "";
	}
return "$MYSQL_ERRNO: $MYSQL_ERROR";
}
 
function set_sql_error()
{
	global $MYSQL_ERRNO, $MYSQL_ERROR, $link_id;
	$MYSQL_ERRNO = mysql_errno();
	$MYSQL_ERROR = mysql_error();
return sql_error();
}
 
function notifyErrors($body)
{
	if( !empty($body) )
	{
		$address = "admin@emarketbuilders.com";
     	$subject = "Program Error Report";
		$headers = 
		"From: admin@emarketbuilders.com\r\n" . 
		"Reply-To: admin@emarketbuilders.com\r\n" . 
		"X-Mailer: PHP/" . phpversion();
		mail($address, $subject, $body, $headers);
	}
}
 
// Connect to database function...
function db_connect()
{
	global $dbhost, $dbusername, $dbuserpassword, $default_dbname;
	global $MYSQL_ERRNO, $MYSQL_ERROR, $link_id;
	if(!$link_id)
	{
		$link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
		if (!$link_id)
		{
			set_sql_error();
		return NULL;
		}
		else if ( !mysql_select_db($default_dbname) )
		{
			set_sql_error();
		return NULL;
		} 
	}
return $link_id;
}
 
// MySQL query operations
function insertQuery($query)
{
	global $MYSQL_ERRNO, $MYSQL_ERROR, $link_id;
 
	if(!$link_id)
		$link_id = db_connect();
 
	if($link_id)
	{
		$messages = mysql_query($query, $link_id);
		
		if($messages)
		{
			return $messages;
		}
		else
		{
			set_sql_error();
		}
	}
return NULL;
}
 
// Row count function
function rowCount($query)
{
	global $MYSQL_ERRNO,$MYSQL_ERROR,$link_id;
	if( NULL===$link_id )
		$link_id = db_connect();
	
	if($link_id)
	{
		$result = mysql_query($query);
		if( $result )
		{
			$rowCount = mysql_num_rows($result);
		return $rowCount;
		}
		else
		{
			set_sql_error();
		}
	}
return NULL;
}
 
//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item_name(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}
	}
return ($itemNumbers);
}
 
// Check the transaction type
function txnIPN($data)
{
	if ($data['txn_type'] == "cart") {
		return 1;
	} else if ($data['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	global $link_id;
	$trace="";
 
	// Get items
	$itemIds = getItems($data);
	if(count($itemIds)==0)
	{
		echo "No items found";
		return;
	}
 
	foreach($itemIds as $i)
	{
		// Make the inputs safe from SQL injection hacking
		$id = (int)$data["item_number{$i}"];
		$amount = (int)$data["mc_gross_{$i}"];
 
		// Query for the data
		$query = "SELECT * FROM projects WHERE `id_prj` = $id";
		$result1 = insertQuery($query);
 
		$trace .= "\nQuery: $query";
		$trace .= "\nErrors: " . sql_error(TRUE);
 
		if( empty( sql_error() ) )
		{
			// Retrieve the query data and compute
			$row = mysql_fetch_array($result1);
			$paid = ($row['paid_prj'] + $amount);
			$due = ($row['due_prj'] - $amount);
			$notes = $row['notes_prj'] . " A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
			// Update the database
			$query = "UPDATE `projects` SET `paid_prj` = {$paid}, `due_prj` = {$due}, `notes_prj` = '{$notes}' WHERE `id_prj` = {$id} LIMIT 1";
			insertQuery($query);
 
			$trace .= "\n";
			$trace .= "\nQuery: $query";
			$trace .= "\nErrors: " . sql_error(TRUE);
		}
	}
 
	if( empty( sql_error() ) )
	{
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch (strtolower($data['payment_status']) )
		{ 
			case "completed": $status = "1";  break; 
			case "pending": $status = "2";	break; 
			case "reversed": $status = "3";	break; 
			case "refunded": $status = "4";	break; 
			case "voided": $status = "5";		break; 
			default: $status = ""; 
		}
			
		// Update the database
		$query = "INSERT INTO `orders` (`OrderReferenceID`, `OrderVisitorID`, `OrderShipping`, `OrderTax`, `OrderTotal`, `OrderDate`, `OrderShipAddress1`, `OrderShipCity`, `OrderShipStateID`, `OrderShipZip`, `OrderShipCountryID`, `OrderStatus`) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', $shipzip, '$shipcountryid', '$status')";
		insertQuery($query);
 
		$trace .= "\n";
		$trace .= "\nQuery: $query";
		$trace .= "\nErrors: " . sql_error(TRUE);
 
		if( empty( sql_error() ) )
		{
			$detailorderid = mysql_insert_id();
 
			// Get items
			reset($itemIds);
			foreach($itemIds as $i)
			{
				// Make the inputs safe from SQL injection hacking (for the order detail table)
				$detailitemid = mysql_real_escape_string($data["item_number{$i}"]);
				$detailitemname = mysql_real_escape_string($data["item_name{$i}"]);
				$detailitemdesc = "Payment for " . mysql_real_escape_string($data["item_name{$i}"]) . ". ";
				$detailquantity = mysql_real_escape_string($data["quantity{$i}"]);
				$detailprice = mysql_real_escape_string($data["mc_gross_{$i}"]);
			
				// Update the database (for the order detail table)
				$query = "INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
				insertQuery($query);
 
				$trace .= "\n";
				$trace .= "\nQuery: $query";
				$trace .= "\nErrors: " . sql_error(TRUE);
			}
		}
	}
	
	notifyErrors($trace);
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}


0
 
EMB01 Author Commented:
The book was pretty basic (Professional Web APIs with PHP, from WROX) and it more or less used a skeleton of the code provided by PayPal, anyway. I have some (at least enough not to hire someone) experience with PayPal, I just can't get this shopping cart aspect of it to work. This is just the last piece of the puzzle. Regardless, the latest code suggestion seems to have a syntax error; maybe here at the first if/ else, to start with (?):
// SQL error reporting
function sql_error($verbose=FALSE)
{
	global $MYSQL_ERRNO, $MYSQL_ERROR;
	if( empty($MYSQL_ERROR) )
	{
		if( $verbose)
			return "No Errors Found";
		else
			return "";
	}
return "$MYSQL_ERRNO: $MYSQL_ERROR";
}
 
function set_sql_error()
{
	global $MYSQL_ERRNO, $MYSQL_ERROR, $link_id;
	$MYSQL_ERRNO = mysql_errno();
	$MYSQL_ERROR = mysql_error();
return sql_error();
}
 
function notifyErrors($body)
{
	if( !empty($body) )
	{
		$address = "admin@emarketbuilders.com";
     	$subject = "Program Error Report";
		$headers = 
		"From: admin@emarketbuilders.com\r\n" . 
		"Reply-To: admin@emarketbuilders.com\r\n" . 
		"X-Mailer: PHP/" . phpversion();
		mail($address, $subject, $body, $headers);
	}
}


0
 
hielo Commented:
>>hielo, I tried that but it didn't work either. The entire code has been attached
If that is your entire code, where are you initializing:
$dbhost, $dbusername, $dbuserpassword, $default_dbname, $MYSQL_ERRNO, $MYSQL_ERROR

It seems to me you did not provide the ENTIRE code

>> maybe here at the first if/ else, to start with (?):
There is nothing wrong with that
0
 
EMB01 Author Commented:
You're correct, I didn't include the part with my passwords and whatnot. The syntax error has not appeared until the most recent modification. Maybe there's a semi-colon or one of these "{" or these "}" missing somewhere..?
0
 
Ray Paseur Commented:
I'm signing off after this - you guys carry on!

PayPal has explicit instructions on their web site, with current, tested examples.  Using a BOOK is one certain way to get out-of-date examples, to say nothing of the testing process!   The book is over two years old.  In the world of e-commerce security that is a lifetime!

http://www.amazon.com/Professional-Web-APIs-PHP-Google/dp/0764589547

PayPal has recently revised some parts of the interface (my code posted above works with the new interface) especially in the area of shopping carts and buy-now buttons.  PayPal has a "sandbox" for your testing purposes.

You should join the PayPal Dev network, download the latest PayPal manuals (PDF, hundreds of pages of detailed explanations) and then post back here when you're working with current code examples.  I'm sure the wrox book was good when it was written, but you're using the wrong reference if you need an interface to PayPal - only PayPal can be reasonably expected to give you that information.

Good luck as you go forward, ~Ray
0
 
EMB01 Author Commented:
I hear you and all - except - the book only offered those two or three functions (insertQuery, etc.) and this (current, nearly identical to PayPal's) skeleton of a script (also attached):
https://www.paypal.com/us/cgi-bin/webscr?cmd=p/pdn/ipn-codesamples-pop-outside

There isn't too much involved here... that's really all I'm working with and it's virtually the same from either source. If we can't get this working, I'll have to try another way to use a shopping cart with the IPN. It is strange though - that the variable exists and can be echoed; however, it cannot be used in an SQL query (even when the value is identical to a static value).
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
 
foreach ($_POST as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
 
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
 
// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
 
if (!$fp) {
// HTTP ERROR
} else {
fputs ($fp, $header . $req);
while (!feof($fp)) {
$res = fgets ($fp, 1024);
if (strcmp ($res, "VERIFIED") == 0) {
// check the payment_status is Completed
// check that txn_id has not been previously processed
// check that receiver_email is your Primary PayPal email
// check that payment_amount/payment_currency are correct
// process payment
}
else if (strcmp ($res, "INVALID") == 0) {
// log for manual investigation
}
}
fclose ($fp);
}
?>


0
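The checks listed as comments in the VERIFIED branch of the skeleton above, written out as an added example (not PayPal's sample and not code from this thread). The `$expected` array and the in-memory list of processed transaction IDs are assumptions standing in for the order record and a database lookup; the field values come from the sandbox POST quoted in the question.

```php
<?php
// Added example: helper names, $expected and $processed are hypothetical.

// Parse a decimal amount string into integer cents; null if malformed.
function toCents($amount)
{
    if (!is_string($amount) || !preg_match('/^(\d+)(?:\.(\d{1,2}))?$/', $amount, $m)) {
        return null;
    }
    $fraction = isset($m[2]) ? str_pad($m[2], 2, '0') : '00';
    return (int)$m[1] * 100 + (int)$fraction;
}

// Returns a list of reasons to reject; an empty list means the IPN may be processed.
function checkVerifiedIpn(array $ipn, array $expected, array $processedTxnIds)
{
    $get = function ($key) use ($ipn) {
        return isset($ipn[$key]) && is_string($ipn[$key]) ? $ipn[$key] : '';
    };
    $problems = array();

    // check the payment_status is Completed
    if ($get('payment_status') !== 'Completed') {
        $problems[] = 'payment_status is not Completed';
    }
    // check that txn_id has not been previously processed (duplicate or replayed IPN)
    if ($get('txn_id') === '' || in_array($get('txn_id'), $processedTxnIds, true)) {
        $problems[] = 'txn_id missing or already processed';
    }
    // check that receiver_email is your Primary PayPal email
    if (strcasecmp($get('receiver_email'), $expected['receiver_email']) !== 0) {
        $problems[] = 'receiver_email is not our account';
    }
    // check that payment_amount/payment_currency are correct, compared in whole cents
    $paid = toCents($get('mc_gross'));
    if ($paid === null || $paid !== toCents($expected['amount'])) {
        $problems[] = 'mc_gross does not match the order total';
    }
    if ($get('mc_currency') !== $expected['currency']) {
        $problems[] = 'mc_currency does not match';
    }
    return $problems;
}

// Fields taken from the sandbox POST shown in the question.
$ipn = array(
    'payment_status' => 'Completed',
    'txn_id'         => '4511102339',
    'receiver_email' => 'seller@paypalsandbox.com',
    'mc_gross'       => '15.34',
    'mc_currency'    => 'USD',
);
// Constructed: what the merchant's own order record says should have been paid.
$expected = array(
    'receiver_email' => 'seller@paypalsandbox.com',
    'amount'         => '15.34',
    'currency'       => 'USD',
);

$processed = array();
$first = checkVerifiedIpn($ipn, $expected, $processed);
if (!$first) {
    $processed[] = $ipn['txn_id']; // record the transaction only once it is accepted
}

// The same notification delivered again is rejected on txn_id.
$replay = checkVerifiedIpn($ipn, $expected, $processed);

// A new transaction id (constructed) with the wrong amount is rejected on mc_gross.
$underpaid = checkVerifiedIpn(
    array_merge($ipn, array('txn_id' => 'CONSTRUCTED-TXN-2', 'mc_gross' => '0.00')),
    $expected,
    $processed
);

print_r(array('first' => $first, 'replay' => $replay, 'underpaid' => $underpaid));
```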
 
Roger Baklund Commented:
The last script from hielo (ID: 22968361) has errors in lines 160, 178 and 210:

            if( empty( sql_error() ) )

You can't use empty() on a function call...

http://php.net/manual/en/function.empty.php
0
 
EMB01 Author Commented:
Thanks, cxr. Very impressive!

I sent an IPN and received this email:
Subject: Program Error Report
Contents: Query: SELECT * FROM projects WHERE `id_prj` = 1
Errors: No Errors Found

Unfortunately, the database remains un-updated. Now, had we used these variables:
$id = 1;
$amount = 1;

Everything would have worked fine... I don't get it!
0
 
EMB01 Author Commented:
By the way, I changed the three of these:
if( empty( sql_error() ) )

To three of these:
if( sql_error() != NULL )
0
 
EMB01 Author Commented:
Sorry, not sure what I was thinking. I reversed the "if" from before to "==" and not "!=" and here's what I get:
Query: SELECT * FROM projects WHERE `id_prj` = 1
Errors: No Errors Found

Query: UPDATE `projects` SET `paid_prj` = 228, `due_prj` = -228, `notes_prj` = 'This is a test.A payment for 1 was made on Wednesday, August 27, 2008 at 1:41 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 1:41 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:05 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:05 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:00 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:01 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:01 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:13 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:13 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:21 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:21 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:22 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:24 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:42 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:52 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:52 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:55 PM PDT. A payment for 1 was made on Thursday, August 28, 2008 at 9:05 PM PDT. A payment for 1 was made on Sunday, August 31, 2008 at 10:41 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 6:28 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:08 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. 
A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for $1.00 was made on Monday, September 1, 2008 at 7:22 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:23 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:26 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:27 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:37 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:37 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:01 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:09 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:13 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:17 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:17 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:25 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:47 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:50 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:50 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:51 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:04 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:26 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:26 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:27 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:29 AM PDT. A payment of $1.00 was made on Saturday, September 20, 2008 at 11:33 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:04 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:14 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:17 AM PDT. 
A payment of $1.00 was made on Monday, September 22, 2008 at 9:36 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:36 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:57 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:05 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:25 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:39 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:44 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:45 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:48 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 11:24 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 12:33 PM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 12:33 PM PDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 3:45 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 3:57 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 4:06 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 4:08 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:26 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:56 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:59 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 6:05 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 6:14 PM EDT. A payment of $12.34 was made on Monday, November 10, 2008 at 3:12 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:16 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:19 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:19 PM EST. A payment of $0.00 was made on Tuesday, November 11, 2008 at 7:16 PM EST. 
A payment of $1.00 was made on Tuesday, November 11, 2008 at 7:19 PM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 8:01 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:04 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:06 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:08 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:11 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:16 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 11:09 AM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 11:15 AM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 2:59 PM EST. A payment of $0.00 was made on Saturday, November 15, 2008 at 9:20 AM EST. A payment of $0.00 was made on Saturday, November 15, 2008 at 9:23 AM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 6:14 PM EST. ' WHERE `id_prj` = 1 LIMIT 1
Errors: No Errors Found

Query: INSERT INTO `orders` (`OrderReferenceID`, `OrderVisitorID`, `OrderShipping`, `OrderTax`, `OrderTotal`, `OrderDate`, `OrderShipAddress1`, `OrderShipCity`, `OrderShipStateID`, `OrderShipZip`, `OrderShipCountryID`, `OrderStatus`) VALUES ('nqkvev9mjhntdjgveqse34vb62', 'xyz123', '', '2.02', '', '2008-11-15 18:14:24', '', '', '', , '', '1')
Errors: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '', '1')' at line 1
0
 
Roger Baklund Commented:
The third last parameter for the order INSERT has a missing value... that is OrderShipZip, $shipzip in the PHP, which is fetched from $data['address_zip'], which again comes from $_POST['address_zip']. Check this.
0
 
Roger Baklund Commented:
It is the only field in the INSERT without quotes, if the value is not required, you can fix it by inserting quotes, like this:
$query = "INSERT INTO `orders` (`OrderReferenceID`, `OrderVisitorID`, `OrderShipping`, `OrderTax`, `OrderTotal`, `OrderDate`, `OrderShipAddress1`, `OrderShipCity`, `OrderShipStateID`, `OrderShipZip`, `OrderShipCountryID`, `OrderStatus`) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', '$shipzip', '$shipcountryid', '$status')";


0
 
EMB01 Author Commented:
Thanks, cxr. I changed it to what you posted, but nothing seems to have changed. Here's the email:
Query: SELECT * FROM projects WHERE `id_prj` = 1
Errors: No Errors Found

Query: UPDATE `projects` SET `paid_prj` = 228, `due_prj` = -228, `notes_prj` = 'This is a test.A payment for 1 was made on Wednesday, August 27, 2008 at 1:41 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 1:41 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:05 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:05 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:00 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:01 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:01 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:13 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:13 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:21 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:21 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:22 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:24 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:42 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:52 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:52 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:55 PM PDT. A payment for 1 was made on Thursday, August 28, 2008 at 9:05 PM PDT. A payment for 1 was made on Sunday, August 31, 2008 at 10:41 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 6:28 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:08 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. 
A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for $1.00 was made on Monday, September 1, 2008 at 7:22 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:23 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:26 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:27 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:37 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:37 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:01 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:09 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:13 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:17 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:17 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:25 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:47 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:50 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:50 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:51 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:04 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:26 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:26 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:27 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:29 AM PDT. A payment of $1.00 was made on Saturday, September 20, 2008 at 11:33 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:04 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:14 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:17 AM PDT. 
A payment of $1.00 was made on Monday, September 22, 2008 at 9:36 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:36 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:57 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:05 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:25 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:39 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:44 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:45 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:48 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 11:24 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 12:33 PM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 12:33 PM PDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 3:45 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 3:57 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 4:06 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 4:08 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:26 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:56 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:59 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 6:05 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 6:14 PM EDT. A payment of $12.34 was made on Monday, November 10, 2008 at 3:12 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:16 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:19 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:19 PM EST. A payment of $0.00 was made on Tuesday, November 11, 2008 at 7:16 PM EST. 
A payment of $1.00 was made on Tuesday, November 11, 2008 at 7:19 PM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 8:01 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:04 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:06 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:08 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:11 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:16 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 11:09 AM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 11:15 AM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 2:59 PM EST. A payment of $0.00 was made on Saturday, November 15, 2008 at 9:20 AM EST. A payment of $0.00 was made on Saturday, November 15, 2008 at 9:23 AM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 6:14 PM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 8:56 PM EST. ' WHERE `id_prj` = 1 LIMIT 1
Errors: No Errors Found

Query: INSERT INTO `orders` (`OrderReferenceID`, `OrderVisitorID`, `OrderShipping`, `OrderTax`, `OrderTotal`, `OrderDate`, `OrderShipAddress1`, `OrderShipCity`, `OrderShipStateID`, `OrderShipZip`, `OrderShipCountryID`, `OrderStatus`) VALUES ('38i7tcu007nqas9lr1a03813f7', 'xyz123', '', '2.02', '', '2008-11-15 20:56:11', '', '', '', , '', '1')
Errors: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '', '1')' at line 1
0
 
Roger Baklund Commented:
That was odd. Are you sure you changed it in the right spot and in the right file... the third last parameter is still missing the quotes. It's line 203 in the last script from hielo.
0
 
hielo Commented:
>>By the way, I changed the three of these: if( empty( sql_error() ) )
>>To three of these:  if( sql_error() != NULL )
sql_error() never returns NULL. You should be testing for an empty string. Change those to:
if( "" === sql_error()  )

>>Errors: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '', '1')' at line 1
On that insert statement in the list of VALUES you have $shipzip, which does NOT have apostrophes around it. The error you are seeing is because you are NOT putting the apostrophes around it. You are probably updating the wrong file.

// SQL error reporting
function sql_error($verbose=FALSE)
{
	global $MYSQL_ERRNO, $MYSQL_ERROR;
	if( empty($MYSQL_ERROR) )
	{
		if( $verbose)
			return "No Errors Found";
		else
			return "";
	}
return "$MYSQL_ERRNO: $MYSQL_ERROR";
}
 
function set_sql_error()
{
	global $MYSQL_ERRNO, $MYSQL_ERROR, $link_id;
	$MYSQL_ERRNO = mysql_errno();
	$MYSQL_ERROR = mysql_error();
return sql_error();
}
 
function notifyErrors($body)
{
	if( !empty($body) )
	{
		$address = "admin@emarketbuilders.com";
     	$subject = "Program Error Report";
		$headers = 
		"From: admin@emarketbuilders.com\r\n" . 
		"Reply-To: admin@emarketbuilders.com\r\n" . 
		"X-Mailer: PHP/" . phpversion();
		mail($address, $subject, $body, $headers);
	}
}
 
// Connect to database function...
function db_connect()
{
	global $dbhost, $dbusername, $dbuserpassword, $default_dbname;
	global $MYSQL_ERRNO, $MYSQL_ERROR, $link_id;
	if(!$link_id)
	{
		$link_id = mysql_connect($dbhost, $dbusername, $dbuserpassword);
		if (!$link_id)
		{
			set_sql_error();
		return NULL;
		}
		else if ( !mysql_select_db($default_dbname) )
		{
			set_sql_error();
		return NULL;
		} 
	}
return $link_id;
}
 
// MySQL query operations
function insertQuery($query)
{
	global $MYSQL_ERRNO, $MYSQL_ERROR, $link_id;
 
	if(!$link_id)
		$link_id = db_connect();
 
	if($link_id)
	{
		$messages = mysql_query($query, $link_id);
		
		if($messages)
		{
			return $messages;
		}
		else
		{
			set_sql_error();
		}
	}
return NULL;
}
 
// Row count function
function rowCount($query)
{
	global $MYSQL_ERRNO,$MYSQL_ERROR,$link_id;
	if( NULL===$link_id )
		$link_id = db_connect();
	
	if($link_id)
	{
		$result = mysql_query($query);
		if( $result )
		{
			$rowCount = mysql_num_rows($result);
		return $rowCount;
		}
		else
		{
			set_sql_error();
		}
	}
return NULL;
}
 
//if user submits item2, item7, item11
//function below should return an array with the numeric "id" - namely:
//[2,7,11]
function getItems($data)
{
	$itemNumbers=array();
	$temp=array_keys($data);
	foreach($temp as $v)
	{
		if( preg_match('#item_name(\d+)#',$v,$match ) )
		{
			$itemNumbers[]=$match[1];
		}
	}
return ($itemNumbers);
}
 
// Check the transaction type
function txnIPN($data)
{
	if ($data['txn_type'] == "cart") {
		return 1;
	} else if ($data['txn_type'] == "send_money") {
		return 2;
	}
}
 
// Process the shopping cart
function processShoppingCart($data)
{
	global $link_id;
	$trace="";
 
	// Get items
	$itemIds = getItems($data);
	if(count($itemIds)==0)
	{
		echo "No items found";
		return;
	}
 
	foreach($itemIds as $i)
	{
		// Make the inputs safe from SQL injection hacking
		$id = (int)$data["item_number{$i}"];
		$amount = (int)$data["mc_gross_{$i}"];
 
		// Query for the data
		$query = "SELECT * FROM projects WHERE `id_prj` = $id";
		$result1 = insertQuery($query);
 
		$trace .= "\nQuery: $query";
		$trace .= "\nErrors: " . sql_error(TRUE);
 
		if( "" === sql_error() )
		{
			// Retrieve the query data and compute
			$row = mysql_fetch_array($result1);
			$paid = ($row['paid_prj'] + $amount);
			$due = ($row['due_prj'] - $amount);
			$notes = $row['notes_prj'] . " A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
			// Update the database
			$query = "UPDATE `projects` SET `paid_prj` = {$paid}, `due_prj` = {$due}, `notes_prj` = '{$notes}' WHERE `id_prj` = {$id} LIMIT 1";
			insertQuery($query);
 
			$trace .= "\n";
			$trace .= "\nQuery: $query";
			$trace .= "\nErrors: " . sql_error(TRUE);
		}
	}
 
	if( "" === sql_error() )
	{
		// Make the inputs safe from SQL injection hacking
		$referenceid = session_id();
		$visitorid = mysql_real_escape_string($data['custom']);
		$shipping = mysql_real_escape_string($data['shipping']);
		$tax = mysql_real_escape_string($data['tax']);
		$total = mysql_real_escape_string($data['payment_gross']);
		$date = date('Y-m-d H:i:s');
		$shipaddress = mysql_real_escape_string($data['address_street']);
		$shipcity = mysql_real_escape_string($data['address_city']);
		$shipstateid = mysql_real_escape_string($data['address_state']);
		$shipzip = mysql_real_escape_string($data['address_zip']);
		$shipcountryid = mysql_real_escape_string($data['address_country_code']);
		switch (strtolower($data['payment_status']) )
		{ 
			case "completed": $status = "1";  break; 
			case "pending": $status = "2";	break; 
			case "reversed": $status = "3";	break; 
			case "refunded": $status = "4";	break; 
			case "voided": $status = "5";		break; 
			default: $status = ""; 
		}
			
		// Update the database
		$query = "INSERT INTO `orders` (`OrderReferenceID`, `OrderVisitorID`, `OrderShipping`, `OrderTax`, `OrderTotal`, `OrderDate`, `OrderShipAddress1`, `OrderShipCity`, `OrderShipStateID`, `OrderShipZip`, `OrderShipCountryID`, `OrderStatus`) VALUES ('$referenceid', '$visitorid', '$shipping', '$tax', '$total', '$date', '$shipaddress', '$shipcity', '$shipstateid', '$shipzip', '$shipcountryid', '$status')";
		insertQuery($query);
 
		$trace .= "\n";
		$trace .= "\nQuery: $query";
		$trace .= "\nErrors: " . sql_error(TRUE);
 
		if( "" === sql_error()  )
		{
			$detailorderid = mysql_insert_id();
 
			// Get items
			reset($itemIds);
			foreach($itemIds as $i)
			{
				// Make the inputs safe from SQL injection hacking (for the order detail table)
				$detailitemid = mysql_real_escape_string($data["item_number{$i}"]);
				$detailitemname = mysql_real_escape_string($data["item_name{$i}"]);
				$detailitemdesc = "Payment for " . mysql_real_escape_string($data["item_name{$i}"]) . ". ";
				$detailquantity = mysql_real_escape_string($data["quantity{$i}"]);
				$detailprice = mysql_real_escape_string($data["mc_gross_{$i}"]);
			
				// Update the database (for the order detail table)
				$query = "INSERT INTO `orderdetails` (`DetailOrderID`, `DetailItemID`, `DetailItemName`, `DetailItemDesc`, `DetailQuantity`, `DetailPrice`) VALUES ('$detailorderid', '$detailitemid', '$detailitemname', '$detailitemdesc', '$detailquantity', '$detailprice')";
				insertQuery($query);
 
				$trace .= "\n";
				$trace .= "\nQuery: $query";
				$trace .= "\nErrors: " . sql_error(TRUE);
			}
		}
	}
	
	notifyErrors($trace);
}
 
// Step 0.5. Check the transaction type
$result = txnIPN($_POST);
if ($result == 1)
{
	// Process cart
	processShoppingCart($_POST);
	exit();
}


0
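The 1064 error traced above came from an empty `$shipzip` interpolated into the statement without quotes. As an added example (not code from this thread), the same kind of INSERT with bound parameters, where a missing value or an apostrophe in a value cannot change the statement's syntax. It assumes the pdo_sqlite extension; an in-memory SQLite database stands in for the MySQL server, and the table, helper names and sample fields are constructed.

```php
<?php
// Added example: in-memory SQLite stands in for MySQL; the table is a reduced,
// constructed copy of the thread's `orders` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (
    OrderID INTEGER PRIMARY KEY AUTOINCREMENT,
    OrderVisitorID TEXT, OrderTax TEXT, OrderShipCity TEXT,
    OrderShipZip TEXT, OrderStatus TEXT)');

// Hypothetical helper: a field that was not posted becomes an empty string.
function field(array $data, $key)
{
    return isset($data[$key]) ? (string)$data[$key] : '';
}

// Same mapping as the switch on payment_status in the thread's code.
function statusCode($paymentStatus)
{
    $map = array('completed' => '1', 'pending' => '2', 'reversed' => '3',
                 'refunded' => '4', 'voided' => '5');
    $key = strtolower($paymentStatus);
    return isset($map[$key]) ? $map[$key] : '';
}

function insertOrder(PDO $pdo, array $data)
{
    // The SQL text is fixed; values travel separately as parameters, so there
    // is no quoting to forget and nothing for a value to break out of.
    $stmt = $pdo->prepare(
        'INSERT INTO orders
            (OrderVisitorID, OrderTax, OrderShipCity, OrderShipZip, OrderStatus)
         VALUES (:visitor, :tax, :city, :zip, :status)'
    );
    $stmt->execute(array(
        ':visitor' => field($data, 'custom'),
        ':tax'     => field($data, 'tax'),
        ':city'    => field($data, 'address_city'),
        ':zip'     => field($data, 'address_zip'),
        ':status'  => statusCode(field($data, 'payment_status')),
    ));
    return (int)$pdo->lastInsertId();
}

// Constructed IPN fields: address_zip is absent (as in the failing run) and
// the city contains an apostrophe.
$data = array(
    'custom'         => 'xyz123',
    'tax'            => '2.02',
    'payment_status' => 'Completed',
    'address_city'   => "Coeur d'Alene",
);

$orderId = insertOrder($pdo, $data);

// Read the row back to confirm the empty zip and the apostrophe were stored as data.
$select = $pdo->prepare('SELECT * FROM orders WHERE OrderID = :id');
$select->execute(array(':id' => $orderId));
print_r($select->fetch(PDO::FETCH_ASSOC));
```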
 
EMB01 Author Commented:
You're right, I must not have changed it correctly. I changed it now and there are no errors:
Query: SELECT * FROM projects WHERE `id_prj` = 1
Errors: No Errors Found

Query: UPDATE `projects` SET `paid_prj` = 228, `due_prj` = -228, `notes_prj` = 'This is a test.A payment for 1 was made on Wednesday, August 27, 2008 at 1:41 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 1:41 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:05 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:05 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:00 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:01 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:01 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:13 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:13 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:21 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:21 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:22 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:24 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:42 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:52 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:52 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:55 PM PDT. A payment for 1 was made on Thursday, August 28, 2008 at 9:05 PM PDT. A payment for 1 was made on Sunday, August 31, 2008 at 10:41 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 6:28 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:08 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. 
A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for $1.00 was made on Monday, September 1, 2008 at 7:22 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:23 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:26 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:27 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:37 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:37 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:01 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:09 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:13 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:17 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:17 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:25 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:47 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:50 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:50 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:51 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:04 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:26 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:26 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:27 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:29 AM PDT. A payment of $1.00 was made on Saturday, September 20, 2008 at 11:33 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:04 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:14 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:17 AM PDT. 
A payment of $1.00 was made on Monday, September 22, 2008 at 9:36 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:36 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:57 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:05 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:25 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:39 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:44 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:45 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:48 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 11:24 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 12:33 PM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 12:33 PM PDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 3:45 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 3:57 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 4:06 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 4:08 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:26 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:56 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:59 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 6:05 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 6:14 PM EDT. A payment of $12.34 was made on Monday, November 10, 2008 at 3:12 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:16 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:19 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:19 PM EST. A payment of $0.00 was made on Tuesday, November 11, 2008 at 7:16 PM EST. 
A payment of $1.00 was made on Tuesday, November 11, 2008 at 7:19 PM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 8:01 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:04 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:06 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:08 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:11 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:16 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 11:09 AM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 11:15 AM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 2:59 PM EST. A payment of $0.00 was made on Saturday, November 15, 2008 at 9:20 AM EST. A payment of $0.00 was made on Saturday, November 15, 2008 at 9:23 AM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 6:14 PM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 8:56 PM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 8:59 PM EST.  A payment of $0.00 was made on Monday, November 17, 2008 at 9:34 AM EST. ' WHERE `id_prj` = 1 LIMIT 1
Errors: No Errors Found

Query: INSERT INTO `orders` (`OrderReferenceID`, `OrderVisitorID`, `OrderShipping`, `OrderTax`, `OrderTotal`, `OrderDate`, `OrderShipAddress1`, `OrderShipCity`, `OrderShipStateID`, `OrderShipZip`, `OrderShipCountryID`, `OrderStatus`) VALUES ('affpkenrnbn5pfho8913puclg5', 'xyz123', '', '2.02', '', '2008-11-17 09:34:32', '', '', '', '', '', '1')
Errors: No Errors Found

Query: INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('31', '1', 'something', 'Payment for something. ', '1', '')
Errors: No Errors Found


Currently, the database remains un-updated until I changed these values (to static 1's) and re-process; then, the database gets updated (check out `paid_prj` = 229, `due_prj` = -229... they used to be 228 and -228):
Query: SELECT * FROM projects WHERE `id_prj` = 1
Errors: No Errors Found

Query: UPDATE `projects` SET `paid_prj` = 229, `due_prj` = -229, `notes_prj` = 'This is a test.A payment for 1 was made on Wednesday, August 27, 2008 at 1:41 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 1:41 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:05 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:05 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 2:59 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:00 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:01 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:01 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:13 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:13 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:21 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:21 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:22 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:24 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:42 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:52 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:52 PM PDT. A payment for 1 was made on Wednesday, August 27, 2008 at 3:55 PM PDT. A payment for 1 was made on Thursday, August 28, 2008 at 9:05 PM PDT. A payment for 1 was made on Sunday, August 31, 2008 at 10:41 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 6:28 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:08 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. 
A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for 1 was made on Monday, September 1, 2008 at 7:21 AM PDT. A payment for $1.00 was made on Monday, September 1, 2008 at 7:22 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:23 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:26 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:27 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:37 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 7:37 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:01 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:09 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 8:13 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:17 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:17 AM PDT. A payment of $1.00 was made on Monday, September 1, 2008 at 9:25 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:47 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:50 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:50 AM PDT. A payment of $1.00 was made on Friday, September 5, 2008 at 4:51 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:04 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:26 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:26 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:27 AM PDT. A payment of $1.00 was made on Tuesday, September 16, 2008 at 6:29 AM PDT. A payment of $1.00 was made on Saturday, September 20, 2008 at 11:33 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:04 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:14 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:17 AM PDT. 
A payment of $1.00 was made on Monday, September 22, 2008 at 9:36 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:36 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 9:57 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:05 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:25 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:39 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:44 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:45 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 10:48 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 11:24 AM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 12:33 PM PDT. A payment of $1.00 was made on Monday, September 22, 2008 at 12:33 PM PDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 3:45 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 3:57 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 4:06 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 4:08 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:26 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:56 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 5:59 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 6:05 PM EDT. A payment of $12.34 was made on Thursday, October 23, 2008 at 6:14 PM EDT. A payment of $12.34 was made on Monday, November 10, 2008 at 3:12 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:16 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:19 PM EST. A payment of $12.34 was made on Monday, November 10, 2008 at 3:19 PM EST. A payment of $0.00 was made on Tuesday, November 11, 2008 at 7:16 PM EST. 
A payment of $1.00 was made on Tuesday, November 11, 2008 at 7:19 PM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 8:01 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:04 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:06 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:08 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:11 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 8:16 AM EST. A payment of $1.00 was made on Thursday, November 13, 2008 at 11:09 AM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 11:15 AM EST. A payment of $0.00 was made on Thursday, November 13, 2008 at 2:59 PM EST. A payment of $0.00 was made on Saturday, November 15, 2008 at 9:20 AM EST. A payment of $0.00 was made on Saturday, November 15, 2008 at 9:23 AM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 6:14 PM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 8:56 PM EST.  A payment of $0.00 was made on Saturday, November 15, 2008 at 8:59 PM EST.  A payment of $0.00 was made on Monday, November 17, 2008 at 9:34 AM EST.  A payment of $1.00 was made on Monday, November 17, 2008 at 9:36 AM EST. ' WHERE `id_prj` = 1 LIMIT 1
Errors: No Errors Found

Query: INSERT INTO `orders` (`OrderReferenceID`, `OrderVisitorID`, `OrderShipping`, `OrderTax`, `OrderTotal`, `OrderDate`, `OrderShipAddress1`, `OrderShipCity`, `OrderShipStateID`, `OrderShipZip`, `OrderShipCountryID`, `OrderStatus`) VALUES ('ri1qn99ohb6q3nbuempi5dp3v2', 'xyz123', '', '2.02', '', '2008-11-17 09:36:03', '', '', '', '', '', '1')
Errors: No Errors Found

Query: INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('32', '1', 'something', 'Payment for something. ', '1', '')
Errors: No Errors Found
0
 
EMB01 (Author) Commented:
My guess is that there is something wrong with this part (see attached) accepting these {$i} values.
// Update the database
			$query = "UPDATE `projects` SET `paid_prj` = {$paid}, `due_prj` = {$due}, `notes_prj` = '{$notes}' WHERE `id_prj` = {$id} LIMIT 1";
			insertQuery($query);
 
// Maybe it should look like this..?
			$query{$i} = "UPDATE `projects` SET `paid_prj` = {$paid}, `due_prj` = {$due}, `notes_prj` = '{$notes}' WHERE `id_prj` = {$id} LIMIT 1";
			insertQuery($query{$i});


0
 
hielo Commented:
>>// Maybe it should look like this..?
Rather than ask, why not try it!

but this looks right:
// Update the database
$query = "UPDATE `projects` SET `paid_prj` = {$paid}, `due_prj` = {$due}, `notes_prj` = '{$notes}' WHERE `id_prj` = {$id} LIMIT 1";
insertQuery($query);

IF anything, try:
$query = "UPDATE `projects` SET `paid_prj` = " . $paid . ", `due_prj` = " . $due . ", `notes_prj` = '" . $notes . "' WHERE `id_prj` = " . $id . " LIMIT 1";
 
OR:
$query = "UPDATE `projects` SET `paid_prj` = '" . $paid . "', `due_prj` = '" . $due . "', `notes_prj` = '" . $notes . "' WHERE `id_prj` = " . $id . " LIMIT 1";


0
 
hielo Commented:
try changing:
$id = (int)$data["item_number{$i}"];

to:
$id = (int)$data["item_name{$i}"];
0
 
EMB01 (Author) Commented:
Thanks, but changing the $id variable makes the $query return no items:
Query: SELECT * FROM projects WHERE `id_prj` = 0
Errors: No Errors Found

Query: UPDATE `projects` SET `paid_prj` = '0', `due_prj` = '0', `notes_prj` = ' A payment of $0.00 was made on Monday, November 17, 2008 at 10:47 AM EST. ' WHERE `id_prj` = 0 LIMIT 1
Errors: No Errors Found

Query: INSERT INTO `orders` (`OrderReferenceID`, `OrderVisitorID`, `OrderShipping`, `OrderTax`, `OrderTotal`, `OrderDate`, `OrderShipAddress1`, `OrderShipCity`, `OrderShipStateID`, `OrderShipZip`, `OrderShipCountryID`, `OrderStatus`) VALUES ('8udd10i362svef8uem4fb4jeu2', 'xyz123', '', '2.02', '', '2008-11-17 10:47:16', '', '', '', '', '', '1')
Errors: No Errors Found

Query: INSERT INTO orderdetails (DetailOrderID, DetailItemID, DetailItemName, DetailItemDesc, DetailQuantity, DetailPrice) VALUES ('34', '1', 'something', 'Payment for something. ', '1', '')
Errors: No Errors Found

The previous way, the query returns items... maybe there is something wrong with the calculation part. I mean, the query gets executed, but perhaps, the values from the {$i} are not represented.
// Retrieve the query data and compute
			$row = mysql_fetch_array($result1);
			$paid = ($row['paid_prj'] + $amount);
			$due = ($row['due_prj'] - $amount);
			$notes = $row['notes_prj'] . " A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";
 
// I tried this (removing parentheses) - didn't work
$row = mysql_fetch_array($result1);
			$paid = $row['paid_prj'] + $amount;
			$due = $row['due_prj'] - $amount;
			$notes = $row['notes_prj'] . " A payment of $" . number_format($amount, 2) . " was made on " . date('l, F j, Y') . " at " . date('g:i A T') . ". ";


0
 
hielo Commented:
>>Thanks, but changing the $id variable makes the $query return no items
looking back at the array you posted on your problem description, yes, it should be:
$id = (int)$data["item_number{$i}"];

I was looking at get_items when I made that suggestion but I now realize that item_name is a string, not a number.

On another note, after revisiting your array, I noticed that the correct key is:
 mc_gross1

NOT
 mc_gross_1 (notice the extra underscore after "gross")

So, you need this:
            // Make the inputs safe from SQL injection hacking
            $id = (int)$data["item_number{$i}"];
            $amount = (float)$data["mc_gross{$i}"]; // mc_gross is a decimal amount (e.g. 12.34), so cast to float, not int

Also, instead of:
$row = mysql_fetch_array($result1);

use:
$row = mysql_fetch_assoc($result1);
0
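The key-name mismatch found in the answer above made the handler write $0.00 payments with "No Errors Found". As an added example (not code from the thread; the function names, the in-memory SQLite table and the sample arrays are assumptions constructed for illustration, PHP 7.1+ with pdo_sqlite), this version rejects a notification whose per-item keys are missing or malformed and applies the update with bound parameters instead of interpolated values:

```php
<?php
/** Parse cart lines; throw rather than treat a missing or odd key as 0. */
function parseCartItems(array $data): array
{
    $items = [];
    for ($i = 1; isset($data["item_number{$i}"]); $i++) {
        $id = $data["item_number{$i}"];
        // Accept both spellings seen in the thread: mc_gross1 and mc_gross_1.
        $gross = $data["mc_gross{$i}"] ?? $data["mc_gross_{$i}"] ?? null;
        if (!is_string($id) || !ctype_digit($id)) {
            throw new InvalidArgumentException("item_number{$i} is not an integer id");
        }
        if (!is_string($gross) || !preg_match('/^\d+(\.\d{1,2})?$/', $gross)) {
            throw new InvalidArgumentException("gross amount for item {$i} is missing or malformed");
        }
        $items[] = ['id' => (int)$id, 'amount' => $gross]; // kept as a decimal string
    }
    if ($items === []) {
        throw new InvalidArgumentException('no cart items in notification');
    }
    return $items;
}

/** Apply each payment with bound parameters, all or nothing. */
function applyPayments(PDO $db, array $items): void
{
    $stmt = $db->prepare('UPDATE projects SET paid_prj = paid_prj + :paid,
                          due_prj = due_prj - :due WHERE id_prj = :id');
    $db->beginTransaction();
    try {
        foreach ($items as $item) {
            $stmt->execute([':paid' => $item['amount'], ':due' => $item['amount'], ':id' => $item['id']]);
            if ($stmt->rowCount() !== 1) {
                throw new RuntimeException("no project with id {$item['id']}");
            }
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo: in-memory SQLite stands in for the thread's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (id_prj INTEGER PRIMARY KEY, paid_prj NUMERIC, due_prj NUMERIC)');
$db->exec('INSERT INTO projects VALUES (2, 0, 100)');

$good = ['txn_type' => 'cart', 'item_number1' => '2', 'mc_gross1' => '12.34'];
$bad  = ['txn_type' => 'cart', 'item_number1' => '2', 'mc_gros1' => '12.34']; // misspelled key
foreach ([$good, $bad] as $post) {
    try {
        applyPayments($db, parseCartItems($post));
        echo "applied\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
print_r($db->query('SELECT * FROM projects')->fetchAll(PDO::FETCH_ASSOC));
```

Doing the arithmetic inside the UPDATE also removes the separate SELECT-then-UPDATE step, so two notifications arriving together cannot overwrite each other's totals.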
 
EMB01 (Author) Commented:
!!! It worked !!!

That variable is supposed to exist according to this:
https://www.paypal.com/IntegrationCenter/ic_ipn-pdt-variable-reference.html

Either way, at least it works now. Great thanks to those that helped.
0
 
EMB01 (Author) Commented:
Thanks for sticking through on this one!
0
 
hielo Commented:
>>That variable is supposed to exist according to this:
OK, but you need to go by what your program is generating, which is mc_grossx, not mc_gross_x
0
 
EMB01 (Author) Commented:
By the way, about your SQL error reporting function; I tried this (see attached) but how do I get it to email only when errors exist?
function notifyErrors($body)
{
if ($MYSQL_ERRNO != "")
	if( !empty($body) )
	{
		$address = "admin@emarketbuilders.com";
     	$subject = "Program Error Report";
		$headers = 
		"From: admin@emarketbuilders.com\r\n" . 
		"Reply-To: admin@emarketbuilders.com\r\n" . 
		"X-Mailer: PHP/" . phpversion();
		mail($address, $subject, $body, $headers);
	}
}


0
