PHP interface with PayPal Express

I have a textbox on my page where a user can enter URLs that they would like QR codes for.The format is one URL per line. The HTML separates the URLs nicely for me with a \r\ after each one.  The problem is getting these in the return_url that PayPal calls to get back to may site after approving  the transaction.  I build a return URL for PayPal to use  that has the contents of the textara as one parameter called "instructions" and I can see the %0D%0A in the characters so I know I'm sending these to PayPal.  But when PayPal calls me back with the return_url the \r\n characters are gone and I'm not able to  separate out  the URLs in the instructions parameter., other than looking for 'www' etc.

A normal software solution would be to save the URLs away before the transfer to another piece of software and get them back from there when you're called back, but with web programing, there's no place to store them away, other than a database or a file. Cookies aren't going to work when it's PayPal your communicating with.

Just wondering if someone else has run into this and has some thoughts on it.

Thanks.
stevaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
Almost everyone uses a database for these things.  Is there a reason you don't want to?
0
Ray PaseurCommented:
It sounds like several questions.  

You need QR codes, right?  I can give you an answer here.  Please copy the code and install your own version (not sure how much load the church servers can handle).
http://nationalpres.org/qr_code.php

You need to get several lines from a textarea.  You can use explode(PHP_EOL, $textarea) to get the lines separated.  Use trim() to get rid of the unwanted whitespace characters.  Feed the QR code requests to Google one at a time.

Not sure where PayPal fits into this... You can get the QR codes free from Google as the script shows.
<?php // qr_code.php
error_reporting(E_ALL);

// GENERATE QR CODE IMAGES
// SEE http://code.google.com/apis/chart/infographics/docs/qr_codes.html
// SEE http://www.mediapost.com/publications/article/160932/qr-malware-surfaces-on-apps.html

// THE DIRECTORY FOR THE QR CODES
$dir = 'qr_codes';

$s = "144";
if (!empty($_GET["size"]))
{
    $s = strtoupper(trim($_GET["size"]));
    switch($s)
    {
        case "S" : $s =  72; break;
        case "M" : $s = 144; break;
        case "L" : $s = 288; break;
        case "G" : $s = 547; break; // LARGEST FROM TESTS ON 2011-10-20
    }
}
$chs = $s . 'x' . $s;

// IF THERE IS DATA
$q = NULL;
if (!empty($_GET["q"]))
{
    $q = $_GET["q"];

    // MAKE A FILE NAME
    $f = $q;
    $f = preg_replace('#[^ A-Z0-9/:?&\+\.]#i', NULL, $f);
    $f = str_replace(' ', '_', $f);
    $f = preg_replace('#[^A-Z0-9]#i', '_', $f);
    $f = preg_replace('#_+#', '_', $f);

    // CALL THE QR CODER
    $url
    = 'https://chart.googleapis.com/chart?'
    . 'cht=qr'          // CREATE A QR CODE
    . '&'
    . "chs=$chs"        // PIXEL DIMENSIONS (SQUARE)
    . '&'
    . 'chld=Q'          // QUALITY ERROR RECOVERY MEANS UP TO 67 ALPHA-NUMERICS
    . '&'
    . 'chl='            // THE URLENCODED STRING
    . urlencode($q);
    ;
    $qrc = file_get_contents($url);

    // WRITE THE IMAGE
    $lnk = $dir . DIRECTORY_SEPARATOR . "QR_CODE_$f" . '.png';
    file_put_contents($lnk, $qrc);

    // CONSTRUCT THE RESPONSE
    $txt = htmlentities($q);
$out = <<<OUT
    <p>Voila! Here is the QR code for <b>$txt</b></p>
    <p><img src="$lnk" title="$f" /></p>
    <p>Right-click and save the image, or use this: <a target="_blank" href="$lnk">$f.png</a></p>
OUT;
    echo $out;
}

$form = <<<FORM
Enter up to 67 characters to see the QR code (maybe a URL?)
<form>
<input type="text"   name="q"    value="$q" size="67" style="font-family:Courier;" /><br/>
<input type="radio"  name="size" value="S" />Small (probably too small)<br/>
<input type="radio"  name="size" value="M" />Medium (probably just right)<br/>
<input type="radio"  name="size" value="L" />Large<br/>
<input type="radio"  name="size" value="G" />Gigantic<br/>
<input type="submit"             value="Get QR code" />
</form>
FORM;

echo $form;

Open in new window

0
stevaAuthor Commented:
Dave,

No, there's no reason not to use a database.  I have one already set up for the site so another table would be easy.  .But one difficulty I see with using a database  is that it's common to the site. The URLs someone enters into in the HTML textarea are specific to one of possibly many people using the site concurrently, each entering a different set of URLs into their textarea for me  to encode, so the $instructions variable I save in a database would have to be somehow tagged as belonging to this particular user.  While, if I could just get the $instructions to come back  from PayPal with the \r\n in tact I could use them directly and I would know they're for this particular user.

I think I'll just rebuild the $instructions with \r\n by exploding the $instructions returned by PayPal at 'www'  and then add back in 'http://www' before each array element and add "\r\n" after it. Something like below:


$urlArr = explode('www', $instructions);
$instructions = NULL;
for($i=1; $i<count($urlArr); $i++) {
	$instructions .= ('http://www' . $urlArr[$i] . "\r\n");  
}

Open in new window


Ray,

Yes, I know you can get QR codes on the web for free, but the client I program for has an established bar code business and business people (i.e., non technical)  who already trust him for bar codes  are glad to pay a small fee for QR codes, rather than strike out on their own to try to find something cheaper on the web.  That's where PayPal comes in.

My problem isn't generating the QR codes from a URL.  I already have PHP software that does that fine.  My problem is getting the URL list back from PayPal with the \r\n separators in tact.
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Dave BaldwinFixer of ProblemsCommented:
Virtually all ecommerce databases are common to their site.  You always have to identify the customer that goes with the data.

An alternative is to 'serialize' the data.  PHP offers a couple of ways to encode data into a string with delimiters.  Pick one that Paypal doesn't corrupt.  Or you could do it yourself, do a str_replace the '\r\n' with ':' and when you get it back, do explode on ':'.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
Agree with DaveBaldwin.  You do not want to assume that http://www is something your programming can find and mess with.  That is called a "mung" - a recursive acronym that means "mung until no good."  Example: https://cms.paypal.com/ - what would you do if you had that in the midst of the textarea?

The \r\n construct is, IIRC, a windows-only thing.  Windows, Mac and Unix have different line endings.  You can use the context-aware predefined constant PHP_EOL to help you write code that will work correctly across platforms.  I would do that every time, if I were programming this application.  You never know when a site will need to move to the cloud, for example.

If I understand your application correctly, a client will put several URLs into a textarea and submit them to your application.  The URLS will be separated by whitespace (blanks, tabs, or newline characters)  They will get several QR codes back - one for each of the URLs.  Is my thinking clear so far?

It's my sense that you can take the list of URLs from the textarea, put them into a data base table and get back a key after inserting the row.  You can use this key in the call to PayPal.  It might make a good "Item Number" field.  Once your script has received the payment-complete signal from PayPal, you can look up the list of URLs in the data base using the key that you passed in the Item Number.  You can convert them to QR-codes and present a page with the URLs and the QR codes, or you can email links to the QR codes.  Is that set of assumptions correct?

If that part is right, please tell me where you fit PayPal into the mix.  My guess is that you would have a page that acquires the URLs, then a page with a "buy now" button, but that is only a guess.  Please help us understand that part and we will be able to help you come up with a solution.  Let us know if you are using dynamic or encrypted buttons.

Thanks and regards, ~Ray
0
stevaAuthor Commented:
Thanks for responding guys.  I always learn something from your posts.

Dave,
"Virtually all eCommerce databases are common to their site.  You always have to identify the customer that goes with the data."

Yes, you're right, of course. And I already have a record for this customer.  I could put the textarea string, while it still has the CRLFs between each URL, in a VARCHAR.  and just pass the customer's database index ('orderId') to PayPal, which should come back fine.  But theoretically, the list of URL is unlimited, so how long do I make the VARCHAR?  It still seems cleaner if I can just pass the list to PayPal and get it back without corruption.

I wasn't aware of PHP's serialize functions.  These seem to be provided to serialize complex objects like arrays and objects so you can store them anywhere as a string.  I'm already starting with a string.  It's not obvious what serializing it would do for me.

Ray,

"You do not want to assume that http://www is something your programming can find and mess with. "
Yes, you're probably right. Not every URL has 'www' and it's conceivable that some URL could use 'www' again in the text.  

"The \r\n construct is, IIRC, a windows-only thing."

No, I don't think so.  I think \r\n is an HTML thing.  Hitting Enter while you're typing into a textarea inserts \r\n.  Or are you saying that HTML may act differently depending on what machine it's running on?  That would be a pain, if Windows users sent me \r\n while Mac and Linux users sent me \n.

"If I understand your application correctly, a client will put several URLs into a textarea and submit them to your application.  The URLS will be separated by whitespace (blanks, tabs, or newline characters)  They will get several QR codes back - one for each of the URLs.  Is my thinking clear so far?"

Yes, that's it exactly.

"It's my sense that you can take the list of URLs from the textarea, put them into a data base table and get back a key after inserting the row.  You can use this key in the call to PayPal.  It might make a good "Item Number" field.  Once your script has received the payment-complete signal from PayPal, you can look up the list of URLs in the data base using the key that you passed in the Item Number."

Yes,all true, but it seems like it's a bit messy putting an unlimited list of items (the URLs)  into a database record.  Would you use a big VARCHAR?  Would you create a separate table and have a row for each URL? It's seems much cleaner if I can just send the list off to PayPal and get it back in good shape.

"You can convert them to QR-codes and present a page with the URLs and the QR codes, or you can email links to the QR codes.  Is that set of assumptions correct?"

Almost.  I generate png images of the QR codes and attach them to an email to the customer.

"If that part is right, please tell me where you fit PayPal into the mix.  My guess is that you would have a page that acquires the URLs, then a page with a "buy now" button, but that is only a guess. "

We sell the QR codes.  The pay form has a place for credit card information and has the textarea element  to enter the URLs to encode.  When I get the form I process the card before I generate and send the QR codes.

"Let us know if you are using dynamic or encrypted buttons."

I assume you're talking about the PayPal type buttons. I'm using the PayPal Pro API, which doesn't use PayPal buttons.  With this interface the user can use a credit card to pay without ever knowing that PayPal is processing the card. Or the user can pay with their PayPal account.  The backend PHP communicates with PayPal via cURL.



0
Dave BaldwinFixer of ProblemsCommented:
"I think \r\n is an HTML thing."  Nope, OS thing.  Windows uses '\r\n', Unix/Linux uses '\n', and Mac uses '\r' and that will be shown in most things done on those machines.  That's the reason for the PHP_EOL constant.

Getting rid of the line endings and replacing them with a delimiter will prevent the Paypal code from splitting up the data you send them.  You will then get it back the way you sent it.  Maybe.

If you were posting it to some of my sites, any active URLs have at least the 'http://' stripped off to prevent them from being active links.  That's a defensive measure to keep my customers from accidentally clicking on spam URLs that people post at times.

I limit the number of characters in a textarea both on entry and when POSTed as another spam defense.  A VARCHAR in your database only needs to be as large as your customers will legitimately enter or ask for.  In practical terms, it's not unlimited.
0
Ray PaseurCommented:
Hmm.. Seems we have morphed from a question to an application development requirement.  But a big "varchar" makes sense to me. So does putting a limit on the size of the QR code URLs and the URL list (the length matters -- it affects the error recovery, etc.)

Suggest you post the URL of this web application here so we can look at it in action and but a QR code from it.  We may have some suggestions to make the best of it.
0
Dave BaldwinFixer of ProblemsCommented:
We 'morph' a lot around here....
0
Ray PaseurCommented:
Yeah, Dave.  Me especially!

Merry Christmas, ~Ray
0
stevaAuthor Commented:
'Sorry.  I didn't mean to morph, but Ray, you asked for more detail so I provided it. I'm going to move on with a delimiter that PayPal doesn't swallow up:  'http://' I'll make sure this is in front of every URL and use it to explode on when the string comes back from PayPal.

Before wrapping this up, though, I would like try to get a bit more clarification on the textarea EOL questiion. Dave, when I said I thought it was an HTML thing you said, " Nope, OS thing:  Windows uses '\r\n', Unix/Linux uses '\n', and Mac uses '\r' and that will be shown in most things done on those machines.  That's the reason for the PHP_EOL constant."

First, the PHP_EOL constant only applies to servers, since that's the only place PHP is executed.  I'm dealing with people sitting at their desktop or laptop at home, hitting Enter as they put in multiple URLs for me  to encode. What is THAT EOL going to look like?  That's the question.   I can say with certainty that when a Mac fills in the textarea in the form and hits the  return key to enter multiple URLs,  I receive the characrters 13 10 at the end of each URL, exactly  the same as i receive when a Windows machine fills in the textarea.  That's why I say it's an HTML thing.  The browsers have standardized this, independent of what the host OS running the browser might want to do.

0
Dave BaldwinFixer of ProblemsCommented:
You may be right.  I can't find anything definitive.
0
stevaAuthor Commented:
OK.  That's it.  Thanks to both of you for the interesting discussion. I split the points.  

Merry Christmas!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.