
Just a quick question about how to handle onsubmit


Sharkadder


OK, on my website I have a submit button. If the user is not signed in to the website, it will take them to the login page. If they are signed in, it will pass their query to PayPal for further processing.

Now the question I have is about the "onsubmit" of a button; as you know, you cannot apply PHP to this button with functions such as MySQL functions.

What would I need to do to check that the submit button has been pressed and then execute the database data to MySQL? I believe there might be a PHP function to check that a button with a certain name has been pressed, or am I wrong?

Here is the code I use for the button:

echo "<input value='Checkout' onclick='if (ChkOpts ()) document.forms.ppform.submit ();' type='button'>";

The document.forms.ppform.submit() is a function from an external JavaScript file, so I cannot include the PHP within that.

Thanks


Assign the button a name and id attribute and then check to see if that is defined in the form scope. I'm not a php coder, but I could give you the ColdFusion code easily. Hopefully the logic will help some.


I tried the default PHP code for it and it isn't working. I am within the form scope, I named my button "submit", I then called a PHP function to check it but nothing.

Here is the start of the form and the code I have been using:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" name="ppform">
<p><input name="cmd" value="_cart" type="hidden"><input name="upload" value="1" type="hidden">
<?php
if (isset($_POST['submit'])) {
    $servername = '***********';
    // username and password to log onto db server
    $dbusername = '******';
    $dbpassword = '******';
    // name of database
    $dbname = '********';
    $db = mysql_connect($servername, $dbusername, $dbpassword);
    mysql_select_db($dbname, $db);
    mysql_query("INSERT INTO satellitebox(Username, Boxtype, Subtype, Sublength, Subleft, Startdate, Expirydate) VALUES('$theusername','$boxtype','$subtype','$sublength',$subleft,'$startdate','$expirydate') ") or die(mysql_error());
}
?>

That is the start of the form. Why will the MySQL database not insert those values into the database? I have checked and all my variable names are correct, I have also checked and all the MySQL column names are correct, the submit button for the form is called "submit" but yet when I do a $_post['submit'] I get nothing.

Does it matter if my form was created in HTML? That personally shouldn't be a problem, I have created loads of forms in HTML before and linked PHP in with it. If I execute the PHP code within the form itself my PayPal function stops working, so I need to do it outside the form. Even if I could get it to depend on a variable's value 0 or 1 when the form is submitted would do, any way as long as I can get it to work.

Thanks


Hi, just wondering why you are storing info into the database before the user pays? What if they go to PayPal and decide to just leave the page? Makes more sense to enter the information when PayPal sends its response back to you letting you know if the transaction was successful.

$db = mysql_connect($servername, $dbusername, $dbpassword);
mysql_select_db($dbname, $db);

$insert = "INSERT INTO `satellitebox` ";
$fields = "(`Username`, `Boxtype`, `Subtype`, `Sublength`, `Subleft`, `Startdate`, `Expirydate`) ";
// One quoted placeholder per column (seven in total); every value is escaped before it reaches the query.
$values = sprintf("VALUES('%s','%s','%s','%s','%s','%s','%s')",
    mysql_real_escape_string($theusername),
    mysql_real_escape_string($boxtype),
    mysql_real_escape_string($subtype),
    mysql_real_escape_string($sublength),
    mysql_real_escape_string($subleft),
    mysql_real_escape_string($startdate),
    mysql_real_escape_string($expirydate));

$query = $insert.$fields.$values;
$exe   = mysql_query($query);
if (!$exe) {
    die(mysql_error());
}

I think you need a few ` 's in there. Also you should always use mysql_real_escape_string() where a user enters information into your database or they can do SQL injections.


<form action="https://www.paypal.com/cgi-bin/webscr" method="post" name="ppform">
That right there is why: the action= is where the information is being sent. You are sending the information to PayPal's website, that is why.

<?php
if (isset($_POST['submit'])) {
    $servername = '***********';
    // username and password to log onto db server
    $dbusername = '******';
    $dbpassword = '******';
    // name of database
    $dbname = '********';
    $db = mysql_connect($servername, $dbusername, $dbpassword);
    mysql_select_db($dbname, $db);
    mysql_query("INSERT INTO satellitebox(Username, Boxtype, Subtype, Sublength, Subleft, Startdate, Expirydate) VALUES('$theusername','$boxtype','$subtype','$sublength',$subleft,'$startdate','$expirydate') ") or die(mysql_error());
}
?>

The above is trying to happen when the page first loads, not after you submit your form. When a PHP file loads, it goes through the page and executes what's inside of <?php ?> tags before any HTML, not the other way around.

I still think you are doing it backwards :} When PayPal sends a response is when I think the MySQL insert should happen. Then again, I really don't know what your website is about... so good luck.


So you think I should insert all the data on the successful page?

I understand your concern. The plan was to have a column in the table that said if the user had paid or not; that variable would change on the successful page. So you think I should just do the whole database actions on the successful page to save all this hassle?

Thanks, now I think of it, yeah, it does seem a lot easier.

I shall have a go at that over the next day or 2. The only problem will be getting the variables from one page to the next but I can just set a cookie up for that.

Thanks for the help, now I realise just how PHP works on a web page more. I didn't realise it goes through all the code within PHP blocks before the HTML blocks.


Yeah, I just recently did something like that but instead with authorize.net; I have used PayPal in the past before. They have a help file somewhere with all of the variables PayPal sends back to you so you can catch them with PHP $_POST or $_GET and have your programs update your database based on them.


I don't know if I totally agree with the logic of inserting all the information after the payment is made.

For one, if you use an external processing site like PayPal, I'd like to see a record created before you let the user leave your site. This gives you the ability to write some code that reviews the submission and makes sure it meets all the technical requirements of your external processing site. This, alone, will almost ensure 100% success in payment collection. If you depend on the success page to do all the inserting, then you need to make sure the external processing site carries over all the information. In addition to that, it wouldn't take too long for someone to figure out how to hack that request - so you have a ton to make sure you check. If you insert everything in the user account, then you can pass less information to and from the payment processor.

In short, I would only expect the payment process to do just that - process the payment. I wouldn't feel comfortable depending on it to remember everything I need to in order to create my insert.

So, the solution, pretty simple.

Instead of having the user click submit and then intercept that or send it directly to PayPal (in your case), have the submit button go to an order confirmation page. Here, just dump their order on the screen in plain HTML like an invoice. Have one submit button on the bottom. Now, the key here, do not reproduce all the information in hidden fields - that's too easy to hack. Store all your cart information in the session so the source of your order confirmation page only has the submit button. Then have it post to a final action page where you post that information to PayPal.

There is always more than one way to skin a cat, so you can do it however you feel comfortable. The approach above allows you to create a report of orders created but never fulfilled. You will need to know if PayPal is causing a drop off in your orders. If it is, then it might be worth it to use a formal payment processing procedure.

Think of it like a grocery store. Let's say you only accept cash. A person fills their cart with food and gets in line. The cashier has the whole thing run up. The cashier says we only take cash. The customer says I only have debit/visa. The cashier says, there is an ATM right over there. How will you know who that was if they never come back? How many times has this happened?

Database the transaction as unpaid before you send the user to PayPal. Let the success page do just that, flag the payment as completed.

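The flow recommended in the post above (record the order as unpaid before the user leaves for PayPal, then only flag it as paid), combined with the earlier advice about SQL injection, as an added example that is not part of the original thread. The `orders` table, the price list and the function names are hypothetical; SQLite in memory stands in for MySQL so the script runs stand-alone, and PDO prepared statements are used in place of the `mysql_*` functions, which were removed in PHP 7.

```php
<?php
// Added example: table, price list and function names are hypothetical.
// SQLite in memory stands in for MySQL (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE orders (id INTEGER PRIMARY KEY, username TEXT,
            total_cents INTEGER, status TEXT DEFAULT 'unpaid')");

// Server-side price list: the browser never supplies a price.
const PRICES = ['box-basic' => 4999, 'sub-12m' => 12000];

// Step 1, before redirecting to the processor: record the order as unpaid.
function createPendingOrder(PDO $pdo, string $username, array $cart): int
{
    $total = 0;
    foreach ($cart as $sku => $qty) {
        if (!array_key_exists($sku, PRICES) || !is_int($qty) || $qty < 1) {
            throw new InvalidArgumentException("bad cart line: $sku");
        }
        $total += PRICES[$sku] * $qty;
    }
    // Placeholders keep the data out of the SQL text, so no manual escaping.
    $stmt = $pdo->prepare('INSERT INTO orders (username, total_cents) VALUES (?, ?)');
    $stmt->execute([$username, $total]);
    return (int) $pdo->lastInsertId();
}

// Step 2, when the processor reports back: flag the order as paid only if it
// exists, is still unpaid, and the reported amount equals the stored total.
function markPaid(PDO $pdo, int $orderId, int $reportedCents): bool
{
    $stmt = $pdo->prepare("UPDATE orders SET status = 'paid'
                           WHERE id = ? AND status = 'unpaid' AND total_cents = ?");
    $stmt->execute([$orderId, $reportedCents]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data; on a real page $cart would come from $_SESSION.
$cart = ['box-basic' => 1, 'sub-12m' => 1];
$id = createPendingOrder($pdo, "o'brien", $cart); // the quote is stored as data
var_dump(markPaid($pdo, $id, 100));    // reported amount differs from stored total
var_dump(markPaid($pdo, $id, 16999));  // reported amount equals stored total
var_dump(markPaid($pdo, $id, 16999));  // same notification delivered a second time
```

Because the total is computed and stored server-side, the only values that have to travel to the processor and back are the order id and the amount, and both are checked against the stored row before the status changes.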

Well, I hate to be the bearer of bad news guys but the shopping cart I use was created using the dreaded JavaScript. It's taken me best part of 2 weeks studying what each function does.

As you know, JavaScript is client side, which does mean editing the code can be accomplished easily. The way you speak of about store the values and then say payment received yes or no upon success is what I had planned; now I discover the system I have I cannot do it that way. Simply because the client side and server side do not match, one comes before the other and it's just about impossible to transfer values between the 2. At the minute I have been using cookies to store information between JavaScript and PHP, but like many things people edit cookies or they have cookies turned off, other than the use of AJAX or such a language which I have not studied.

I think what I am going to do because people have fears for this, I am going to store my information upon success only for now. The user signs up to my site, all their details get stored in a database, when they want to purchase something it will then go through PayPal and payment stored upon completion only, and do it that way.

However, due to all these concerns, I've been told that I could have just used a session array within PHP and the $_get to get the values from a form. The reason I stuck with the cart is because it allowed coupons to be inputted and shipping cost calculator, but again it's all client side; even if I encrypt the coupons with a hash function of some sort, it's still possible to get that code.

So it's this for now; over the next few weeks the cart will be gone and a PHP one, safe and secure, will be put in place.


Archived

This topic is now archived and is closed to further replies.
