Does anyone know how to retrieve the hidden input custom var of the PayPal express checkout once the payment redirects the user back to the thank you page? Here's my code:
<form action="https://sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="test@gmail.com">
<input type="hidden" name="item_name" value="<?php echo $this->input->get('GeneralHealth').'test'; ?>">
<input type="hidden" name="item_number" value="<?php echo $this->input->get('GeneralHealth'); ?>">
<input type="hidden" name="amount" value="<?php foreach($query3->result() as $row){echo $row->price; } ?>">
<input type="hidden" name="quantity" value="1" disabled="disabled">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="custom" value="<?php $id = $this->ion_auth->get_user(); echo $id->id; ?>" />
<input type="hidden" name="notify_url" value="http://ci/paragon/site/thankyou" />
<input type="hidden" name="return" value="http://ci/paragon/index.php/site/thankyou" />
<input type="image" id="checkout" src="https://www.paypal.com/images/x-click-but6.gif" border="0" name="submit"><br>
<input type="hidden" name="add" value="1"></form>
Based on the code above, how will I get the value of the custom hidden field?
From my experience, you execute one of PayPal's API calls to receive the transaction details based on your PayPal credentials and a token generated by PayPal as a result of a successful purchase. Check out Step 2C.
In your own PayPal account, you should have specified a script PayPal will contact upon confirmation of the transaction. That same page should open another connection with PayPal again, to confirm that the source is valid. From the first request, you should receive all of the information you would need.
Here is the code that I use:
// Posts transaction data back to PayPal using fsockopen.
function fsockPost($url, $data) {
    // Parse URL
    $web = parse_url($url);
    // Build post string
    $postdata = "";
    foreach ($data as $i => $v) {
        $postdata .= $i . "=" . urlencode($v) . "&";
    }
    $postdata .= "cmd=_notify-validate";
    // Set the port number and transport
    $ssl = "";
    if ($web['scheme'] == "https") {
        $web['port'] = "443";
        $ssl = "ssl://";
    } else {
        $web['port'] = "80";
    }
    // Create PayPal connection
    $fp = @fsockopen($ssl . $web['host'], $web['port'], $errnum, $errstr, 30);
    $info = "";
    // Error checking
    if (!$fp) {
        echo "$errnum: $errstr";
    } else { // Post data
        fputs($fp, "POST $web[path] HTTP/1.1\r\n");
        fputs($fp, "Host: $web[host]\r\n");
        fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
        fputs($fp, "Content-length: " . strlen($postdata) . "\r\n");
        fputs($fp, "Connection: close\r\n\r\n");
        fputs($fp, $postdata . "\r\n\r\n");
        // Loop through the response from the server
        $lines = array();
        while (!feof($fp)) {
            $lines[] = @fgets($fp, 1024);
        }
        // Close fp - we are done with it
        fclose($fp);
        // Join the response lines into one string
        $info = implode(",", $lines);
    }
    return $info;
}
// Post back over HTTPS so the verification reply cannot be altered in transit
$result = fsockPost("https://www.paypal.com/cgi-bin/webscr", $_POST);
The $result variable (bottom) is filled with the response text (which serves as a verification that it is from PayPal). The POST values that come from the first call of this script (which should be from PayPal) should contain all of the information you need. Here is a sample dump of that ($postdata) (details have been altered...duh):
mc_gross=15.00&protection_eligibility=Ineligible&address_status=confirmed&payer_id=123456789T4JL&tax=0.00&address_street=23+23rd+Ave&payment_date=39%3A42%3A34+Feb+23%2C+2011+PST&payment_status=Completed&charset=windows-1252&address_zip=12345&first_name=John&mc_fee=0.81&address_country_code=US&address_name=John+Doe&notify_version=3.0&custom=&payer_status=verified&business=yourbusiness.com&address_country=United+States&address_city=NYC&quantity=1&verify_sign=AShYUCI1AJfCySIHj5coaxvlUU.RAHLmp.bWuPpa4vyNvWgV9qowpF3f&payer_email=payer_mail%40gmail.com&txn_id=48661819D0514811P&payment_type=instant&last_name=Doe&address_state=NY&receiver_email=your%40mail.com&payment_fee=0.81&receiver_id=RVBKNFXM3HCQL&txn_type=web_accept&item_name=Donation+-+23j&mc_currency=USD&item_number=d565ef66e70&residence_country=US&handling_amount=0.00&transaction_subject=Donation+-+23j&payment_gross=15.00&shipping=0.00&cmd=_notify-validate
Let me know if that helped.
The cm GET var holds the value of the custom hidden field, when PayPal redirects back to your site.
So I'm doing a site selling membership plans (monthly billing).
The user will need to fill in a registration form (name, ICNumber, etc., which may be different to the PayPal used by this user).
Upon clicking 'next/submit', the system will save the posted data inside a session, and will display it again on another page, so it's like a confirmation page.
Inside the confirmation page,
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_ext-enter">
<input type="hidden" name="redirect_cmd" value="_xclick-subscriptions">
<input type="hidden" name="item_number" value="<?php echo $plan[0]['id'];?>">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="item_name" value="<?php echo $plan[0]['plan_name'];?>">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="a3" value="<?php echo $plan[0]['plan_price'];?>">
<!--change p3 value 1M=1month, 1D(t3) = 1 day-->
<input type="hidden" name="p3" value="1">
<!--change value=M as month-->
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<!--here change to your seller sandbox account-->
<input type="hidden" name="business" value="seller-facilitator@test.com">
<input type="hidden" name="return" value="<?php echo base_url(); ?>signup/success">
<input type="hidden" name="notify_url" value="<?php echo base_url(); ?>payment/subscribe" />
<input type="hidden" name="rm" value="2">
<!--and echoing out bunch of data (name, ICNumber, phone number etc) posted from previous page,, which has been stored into a session array-->
So, user can do the payment, the money has come into the seller account, and buyer's balance has been deducted.
So my questions:
1. Where should I put my IPN link? Is it inside 'notify_url' AND 'return' url?
2. If my understanding is correct, we 'should' put a link under our profile>selling preference>IPN, so I have updated my profile and put mydomain.com/controller/ipncode (I'm using CodeIgniter).
3. I turned on auto-return, but even on live, the site won't auto-return. This is a minor issue; my return page contains a simple 'thank you' page. Now, since the txn_type when the payment is made is "subscr_signup", there is NO txn_id and NO payment_status UNTIL the txn_type changes to 'subscr_payment', and this may occur long AFTER or BEFORE the user returns to our main site and is surfing. So I need to save the registration data (as the user submitted) for his login. After payment, the user can directly log in, no matter what the payment outcome will be, as in the end the seller and buyer will have to meet up for the transaction (this is a DVD rental site, so the buyer must go down to the retail shop and collect the DVDs he books through the site).
But to make the life of the seller easier, it'd better if I can update the membership_status to 'active' IF the payment_status is verified and completed.
So far, my IPN code is this
$req = 'cmd=_notify-validate';
$fullipnA = array();
$url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
foreach ($_POST as $key => $value)
{
    $fullipnA[$key] = $value;
    $encodedvalue = urlencode(stripslashes($value));
    $req .= "&$key=$encodedvalue";
}
//$fullipn = Array2Str(" : ", "\n", $fullipnA);
$curl_result = $curl_err = '';
$fp = curl_init();
curl_setopt($fp, CURLOPT_URL, $url);
curl_setopt($fp, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($fp, CURLOPT_POST, 1);
curl_setopt($fp, CURLOPT_POSTFIELDS, $req);
curl_setopt($fp, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded", "Content-Length: " . strlen($req)));
curl_setopt($fp, CURLOPT_HEADER, 0);
curl_setopt($fp, CURLOPT_VERBOSE, 1);
// Verify PayPal's certificate and host name; with verification off, the VERIFIED reply cannot be trusted
curl_setopt($fp, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($fp, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($fp, CURLOPT_TIMEOUT, 30);
$response = curl_exec($fp);
$curl_err = curl_error($fp);
curl_close($fp);
// Note: IPN requests are sent by PayPal's servers, not by the buyer's browser, so they carry no session cookie of the buyer
$custom = $this->session->userdata('registration'); //this contains the submitted registration data in a session array
$this->load->model('signup_model');
//'VERIFIED' only qualifies if the txn_type=subscr_payment (seller has received the money)
//if payment status is verified, then update DB/activate the account
if (strcmp($response, "VERIFIED") == 0) {
    if ($_POST['payment_status'] == 'Completed') {
        //this is to get customer_id based on the ICNumber posted upon registration (which is stored inside a session)
        $cid = $this->signup_model->getCustomerID($custom['nric']);
        //this is to update membership_status to active if payment is verified and completed
        $this->signup_model->updatePlanStatus($cid[0]['id'], 1);
        $this->signup_model->test('payment status complete and verified', $cid);
    } else {
        $cid = $this->signup_model->getCustomerID($custom['nric']);
        $this->signup_model->updatePlanStatus($cid[0]['id'], 0);
        $this->signup_model->test('payment status NOT complete but verified', $cid);
    }
}
//'INVALID' if PayPal can't process the payment
//update account status as pending
if (strcmp($response, "INVALID") == 0) {
    $cid = $this->signup_model->getCustomerID($custom['nric']);
    $this->signup_model->updatePlanStatus($cid[0]['id'], 0);
    $this->signup_model->test('payment status NOT verified', $cid);
}
I'm also confused WHERE to put the sql syntax to insert the registration data into the DB.
Currently, because I don't know how to use IPN properly, I put the MySQL DB insert in the return URL (which is a thank you page). So, when the user clicks 'return to main site', the system will insert the registration details first, with membership_status = 0 (pending); this is to allow the user to log in directly to use the site.
Please guide me how should I put this all together.
Thanks!
I need to use paypal's IPN to create an order form on a client's website. He creates kydex holsters for his customers, so I need to have multiple options on the order form. In addition, I need to send an email containing an invoice to the customers, as well as my client, after the transaction is completed. I have literally ZERO experience with paypal IPN so I am looking for any advice, guidance, or examples anyone here has to offer me. I haven't had too much luck googling.
There are two really good options for this which don't include you doing it by hand. Why reinvent the wheel? Lots of really good, free examples of this exist already.
Use a CMS with e-commerce platform (drupal + ubercart or other, wordpress + woocommerce or other, magento) which include custom PayPal ordering.
The way PayPal recommends we do this is to generate a very complex, complete button on their website and then just snap this into a client site via php copy -> paste. This is a pretty sure-fire (pun) option for payment + options + invoicing, direct from PayPal.
Unless you're quick with POST, you'll be slogging for weeks on something that's been mastered and given back to the community several times.
If I were you I would get started at developer.paypal.com and from there you can set up your ipn stuff from there and look through the integration methods. Just a simple run down of how it works is:
Client orders from the site
Site sends product info over to paypal on redirection to paypal to confirm payment
Paypal notifies your ipn with transaction info along with all the stuff you sent them from step 2
Now what your ipn is going to do and should do is:
1. check for "VERIFIED" status and if so continue and if not DO NOT credit
2. check for duplicate transactions because you should store these because people like to try and pull a fast one on you
3. check for the correct currency because of exchange rates you want to only use for example USD and not Yen.
Now if everything is all good in the hood you can then begin to credit, and from there you can provide emails to the administration and buyer, even though PayPal does that as well.
Here are the steps you can follow.
Step 1 Create IPN form. Make sure to pass the IPN URL (notify URL) to PayPal.
For form variables, you can refer to https://developer.paypal.com/webapps/developer/docs/classic/paypal-payments-standard/integration-guide/Appx_websitestandard_htmlvariables/
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="seller@designerfotos.com">
<input type="hidden" name="item_name" value="hat">
<input type="hidden" name="item_number" value="123">
<input type="hidden" name="amount" value="15.00">
<input type="hidden" name="first_name" value="John">
<input type="hidden" name="last_name" value="Doe">
<input type="hidden" name="address1" value="9 Elm Street">
<input type="hidden" name="address2" value="Apt 5">
<input type="hidden" name="city" value="Berwyn">
<input type="hidden" name="state" value="PA">
<input type="hidden" name="zip" value="19312">
<input type="hidden" name="night_phone_a" value="610">
<input type="hidden" name="night_phone_b" value="555">
<input type="hidden" name="night_phone_c" value="1234">
<input type="hidden" name="email" value="jdoe@zyzzyu.com">
<input type="hidden" name="return" value="https://www.mysite.com/order/return">
<input type="hidden" name="cancel_return" value="https://www.mysite.com/order/cancel" id="cancel_return">
<input type="hidden" name="notify_url" value="https://www.mysite.com/ipn">
</form>
Step 2 Create IPN controller. For detailed understanding review https://developer.paypal.com/docs/classic/ipn/gs_IPN/
$req = 'cmd=_notify-validate';
// Post the values back as received; escape them only when they are written to the
// database (prepared statements), since changing them here would make validation fail
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}
$header = '';
$header .= "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: www.sandbox.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .= "Connection: close\r\n\r\n";
// Connect over TLS so the verification reply cannot be read or altered in transit
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
// assign posted variables to local variables
$content['payment_status'] = $_POST['payment_status'];
$content['payment_amount'] = $_POST['mc_gross'];
$content['payment_currency'] = $_POST['mc_currency'];
$content['txn_id'] = $_POST['txn_id'];
$content['receiver_email'] = $_POST['receiver_email'];
$content['payer_email'] = $_POST['payer_email'];
$content['txn_type'] = $_POST['txn_type'];
$content['paydate'] = date('Y-m-d H:i:s');
if (!$fp)
{
    // HTTP ERROR
}
else
{
    fputs($fp, $header . $req);
    // The reply body is the single word VERIFIED or INVALID, after the response headers
    $verified = false;
    while (!feof($fp))
    {
        $res = trim(fgets($fp, 1024));
        if (strcmp($res, "VERIFIED") == 0)
        {
            $verified = true;
        }
    }
    fclose($fp);
    // Act on the message only when PayPal confirmed it
    if ($verified)
    {
        if (strcasecmp($content['txn_type'], "subscr_payment") == 0)
        {
            //Action
        }
        else if (strcasecmp($content['payment_status'], "Completed") == 0)
        {
            //Action
        }
        else if (strcasecmp($content['txn_type'], "subscr_cancel") == 0)
        {
            //Action
        }
    }
}
I have built an application, that sends a notification url with the GUID of the logged in user to PayPal, and upon completion of purchase, the url is called, and after verification, the user database entry updates the column purchased from 0 to 1.
The user then clicks the return to app button, and the premium functionality displays based on the purchased column.
I have been testing this over the last few months in the sandbox. 100% of the times tested (including after this issue), the premium tab displays after purchase completion.
Client is thrilled, and gives the go ahead to move to production. I have set up IPN with the exact same URL, I have changed literally nothing except switching from www.sandbox.paypal.com to www.paypal.com and changing the account listed from the sandbox business to the personal business.
The issue is, the button now doesn't show up until you refresh the screen. Clicking the "return to app" button, which previously was working as expected, now doesn't display the premium tab. Once I click refresh - it then shows up. If I switch everything back to the sandbox settings, boom - it works just fine again.
Here is the BuyNow button code with production account:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="buynowForm" target="_top">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="ACCOUNT EMAIL">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="item_name" value="Product">
<input type="hidden" name="amount" value="10.00">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type='hidden' name='notify_url' value='http://app.com/purchase/<?php echo $data[0]['uid'] ?>'>
<input type='hidden' name='return' value='http://app.com/'>
<input type="hidden" name="rm" value="1">
<input type="hidden" name="cbt" value="Return to Product Plus">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted">
<input type="submit" class="hidden-print visible-print" border="0" name="buysubmit" value="Click For Product Plus" alt="Click for Product Plus">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
And here is the processing route called above:
$app->post('/purchase/:uid', function ($uid) use ($app) {
    $request = Slim::getInstance()->request();
    $inputs = json_decode($request->getBody());
    $db_conn = conn();
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value)
    {
        // get_magic_quotes_gpc() no longer exists in current PHP versions
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        {
            $_POST[$key] = stripslashes($value);
            $value = stripslashes($value);
        }
        $value = urlencode($value);
        $req .= "&$key=$value";
    }
    $url = "https://www.paypal.com/cgi-bin/webscr";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FAILONERROR, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 3);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    $result = curl_exec($ch);
    curl_close($ch);
    if (strcmp($result, "VERIFIED") == 0)
    {
        $sql_st = 'UPDATE `user_data` SET `purchased` = 1 WHERE uid=:uid';
        $sql = $db_conn->prepare($sql_st);
        if ($sql->execute(array('uid' => $uid))) {
            $data = array('status' => "Ok");
        } else {
            // The statement is a PDO one, so read the error from it rather than from mysql_error()
            $data = array('status' => print_r($sql->errorInfo(), true));
        }
    }
    else
    {
        // Did Not Process IPN Properly
    }
});
REALLY hoping this is just something incredibly dumb on my part. Any help/guidance is appreciated.
Essentially the solution here is one of two options -
Build a secondary method of completion - in other words, the IPN is not the first line of defense for a purchased upgrade to software. Everything on my end is working, however the timing of the IPN (notify_url) call is too slow to make instant upgrades not exactly instant. Return them to a page that performs the upgrade then redirects.
Store the upgraded features behind a different route - this was PayPal's suggestion. Essentially, have app.com/basic and app.com/upgraded. This isn't really ideal, nor would I suggest it as a permanent solution.
Summed up - this is a known issue with PayPal. The sandbox and production workflows are basically different - not by function or API, but in usage - the production level account is getting hit more, and processing of the notifications is much slower.
Hope this helps someone.
I've never done a PayPal integration before; however, I have worked with other gateways.
With other gateways there is a hash which is also sent in the form post; this stops people from tampering with the data, i.e. changing the amount.
How is this tampering stopped with PayPal? There doesn't appear to be any hash.
<form method="post" action="https://www.sandbox.paypal.com/cgi-bin/webscr">
<input type="hidden" value="_xclick" name="cmd">
<input type="hidden" value="online****@theg*****.com" name="business">
<!-- <input type="hidden" name="undefined_quantity" value="1" /> -->
<input type="hidden" value="Order" name="item_name">
<input type="hidden" value="NA" name="item_number">
<input type="hidden" value="22.16" name="amount">
<input type="hidden" value="5.17" name="shipping">
<input type="hidden" value="0" name="discount_amount">
<input type="hidden" value="0" name="no_shipping">
<input type="hidden" value="No comments" name="cn">
<input type="hidden" value="USD" name="currency_code">
<input type="hidden" value="http://XXX/XXX/XXX/paypal/return" name="return">
<input type="hidden" value="2" name="rm">
<input type="hidden" value="11255XXX" name="invoice">
<input type="hidden" value="US" name="lc">
<input type="hidden" value="PP-BuyNowBF" name="bn">
<input type="submit" value="Place Order!" name="finalizeOrder" id="finalizeOrder" class="submitButton">
</form>
So how can I stop people amending the amount before posting to PayPal? I.e. the amount should be 100 but people change it to 1.
There are a couple ways to prevent this. The first is using PayPal's Instant Payment Notification (IPN). Using this, you would compare the prices that PayPal posts back to you to confirm that they match what you are expecting. If they don't match, you cancel the order.
Example Workflow:
User Orders an item and modifies price to $0.01
Order is posted to PayPal, which shows price of $0.01
User accepts price and pays $0.01
PayPal calls your IPN URL and posts transaction details, showing that the user paid $0.01 for a thing
Your IPN checks the price that PayPal received ($0.01) versus what you were expecting ( > $0.01). Since they don't match, you cancel the order
Another option, is to use PayPal's Button API, to create dynamic, encrypted buttons. These are embedded into your page and the user clicks it to make their order. Since it is encrypted, the user is unable to reliably modify the source code during the transaction. A nice example of this is available in this answer. Additionally, you are able to combine this with the IPN option listed above to serve as a nice audit of the transaction
What you need to do is implement a simple invoice system. Have a table in your database called invoices (ID, User_Id, Invoice_Value, Payment_Status) (example).
When the user gets to the checkout page, by now you should have inserted an entry in the db table for that user, for the total amount they have to pay and an initial payment status of "Pending". After inserting the invoice table row, get the last insert id and assign it to a variable called $invoice_id.
Now, you output the html paypal checkout button form and one of the hidden input field should be like this:
<input type="hidden" value="<?php echo $invoice_id; ?>" name="custom">
Now, when paypal responds with the IPN to your return URL, your IPN handler should behave something along this way:
<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value) {
    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
}
// post back to PayPal system to validate
$header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Host: www.sandbox.paypal.com\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .= "Connection: close\r\n\r\n";
$fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
if (!$fp) {
    // HTTP ERROR
}
else
{
    // Make Request To PayPal
    fputs($fp, $header . $req);
    while (!feof($fp))
    {
        // Read Response (one line at a time, without the line ending)
        $res = trim(fgets($fp, 1024));
        // Check Response
        if (strcmp($res, "VERIFIED") == 0)
        {
            // PAYMENT VALIDATED & VERIFIED!
            // Load the Invoice_Value from invoices table for $_POST['custom']
            // and compare it with paypal posted amount held in $_POST['mc_gross']
            // if it matches, paypal has authenticated the payment and the value has not been tampered with
            // update the invoice table and set the payment status
        }
        else if (strcmp($res, "INVALID") == 0)
        {
            // PAYMENT INVALID & INVESTIGATE MANUALLY!
        }
    }
    fclose($fp);
}
?>
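The checks that the answers above describe (act only on VERIFIED, refuse a repeated txn_id, check the currency, compare mc_gross with the invoice referenced by custom) are collected below as an added example that is not code from any of the posts. The function names `ipn_decision()` and `amount_to_cents()`, the array layout standing in for the invoices table and all sample values are assumptions; the postback result is passed in as a string so the logic runs offline.

```php
<?php
// Added example: decide whether to credit an order once the postback result is known.
// Hypothetical names: ipn_decision(), amount_to_cents(); the arrays stand in for DB tables.

// Parse a PayPal amount such as "22.16" into integer cents; null if malformed.
function amount_to_cents($amount)
{
    if (!is_string($amount) || !preg_match('/^(\d{1,7})\.(\d{2})\z/', $amount, $m)) {
        return null;
    }
    return (int) $m[1] * 100 + (int) $m[2];
}

// Returns array(bool $credit, string $reason).
function ipn_decision($postbackResult, array $ipn, array $invoices, array $seenTxnIds, $merchantEmail)
{
    // 1. Only a VERIFIED reply to the cmd=_notify-validate postback counts.
    if (trim($postbackResult) !== 'VERIFIED') {
        return array(false, 'postback did not return VERIFIED');
    }
    $required = array('payment_status', 'txn_id', 'receiver_email', 'mc_gross', 'mc_currency', 'custom');
    foreach ($required as $field) {
        if (!isset($ipn[$field]) || !is_string($ipn[$field])) {
            return array(false, "missing field $field");
        }
    }
    if ($ipn['payment_status'] !== 'Completed') {
        return array(false, 'payment_status is not Completed');
    }
    // The money must have gone to this merchant, not to another PayPal account.
    if (strcasecmp($ipn['receiver_email'], $merchantEmail) !== 0) {
        return array(false, 'receiver_email mismatch');
    }
    // 2. A txn_id that was already credited is a duplicate or a replay.
    if (isset($seenTxnIds[$ipn['txn_id']])) {
        return array(false, 'duplicate txn_id');
    }
    // custom carries the invoice id that was written into the form at checkout.
    if (!isset($invoices[$ipn['custom']])) {
        return array(false, 'unknown invoice');
    }
    $invoice = $invoices[$ipn['custom']];
    if ($invoice['status'] !== 'Pending') {
        return array(false, 'invoice already settled');
    }
    // 3. Currency first, then the amount, compared as integer cents (no floats).
    if ($ipn['mc_currency'] !== $invoice['currency']) {
        return array(false, 'currency mismatch');
    }
    // 'total' is the full amount expected, shipping included, since mc_gross is the gross payment.
    $paid = amount_to_cents($ipn['mc_gross']);
    if ($paid === null || $paid !== amount_to_cents($invoice['total'])) {
        return array(false, 'amount mismatch');
    }
    return array(true, 'ok');
}

// Constructed sample data, not real transactions.
$invoices = array('1001' => array('total' => '22.16', 'currency' => 'USD', 'status' => 'Pending'));
$seen     = array('TXN-OLD' => true);
$genuine  = array(
    'payment_status' => 'Completed', 'txn_id' => 'TXN-NEW', 'receiver_email' => 'seller@example.com',
    'mc_gross' => '22.16', 'mc_currency' => 'USD', 'custom' => '1001',
);
$cases = array(
    'genuine payment'       => array('VERIFIED', $genuine),
    'amount edited in form' => array('VERIFIED', array('mc_gross' => '0.01') + $genuine),
    'repeated txn_id'       => array('VERIFIED', array('txn_id' => 'TXN-OLD') + $genuine),
    'other currency'        => array('VERIFIED', array('mc_currency' => 'JPY') + $genuine),
    'failed postback'       => array('INVALID', $genuine),
);
foreach ($cases as $label => $case) {
    list($credit, $reason) = ipn_decision($case[0], $case[1], $invoices, $seen, 'seller@example.com');
    printf("%-22s %s (%s)\n", $label, $credit ? 'CREDIT' : 'REJECT', $reason);
}
```

In a real handler the txn_id would be recorded and the invoice marked as paid in the same database transaction as the credit, so that a repeated notification finds the invoice already settled.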
I have two cases to check from the user:
1. If user input (Amount field) < 5 (user credit):
update the remaining amount in my database table.
2. If user input (Amount field) > 5 (user credit):
do the PayPal transaction with the submit form.
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" id="payPalForm">
<input type="hidden" name="item_number" value="01 - General Payment to FreelanceSwitch.com">
<input name="item_name" type="hidden" id="item_name" size="45" value="Posting job">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="business" value="seller_1265789181_biz@xxx.xxx.xx">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="return" value="http://freelanceswitch.com/payment-complete/">
Paying Page:<input name="amount" type="text" id="amount" size="5">
<input type="submit" name="Submit" value="Pay">
</form>
Could anybody tell me how to handle the PayPal submit form with these conditions?
thanks.
Thanks @Donny Kurnia, now I have tried:
EDIT::
function compare_user_credit($paying_price, $user_credit) {
    $db = JFactory::getDBO();
    $user = JFactory::getUser();
    $user_id = $user->get('id');
    if ($paying_price <= $user_credit) {
        $remain_credit = $user_credit - $paying_price;
        // DO UPDATE: enough credit
        update_user_credit_after_paying($remain_credit, $user_id);
        header("Location: index.php?xxxx=5");
        exit;
    }
    // Case 2: direct to PayPal with the submit form.
    else if ($paying_price > $user_credit) {
        // Need submit form to PayPal.
        header("Location: index.php=xxxx&paypal=" . urlencode($paying_price));
        exit;
    }
}
// Handle the submitted amount before any output; header() cannot redirect once the form has been echoed
if (isset($_POST["pay"])) {
    // Cast to a number so that only a numeric amount is compared and passed on
    compare_user_credit((float) $_POST["amount"], $user_credit);
}
$output = '<form method="POST">';
$output .= '<h1>Credit:' . get_credit() . '</h1>';
$output .= ' Paying Page <input type="text" name="amount" size="3" maxlength="5" />';
$output .= '<input type="submit" name="pay" value="pay" />';
$output .= '</form>';
echo $output;
How could I do this with PayPal in Case 02 (direct to PayPal with submit form)?
Maybe you can receive the form submit in your own code and then check its value. If it satisfies the first condition, do the database update. If it satisfies the second condition, redirect the user to a page that has a hidden form that will submit to PayPal. You can populate the data in this hidden form using data from the database or previous form input, and add JavaScript code so the form will be automatically submitted when the page is loaded.
In my code, I use Micah Carrick's Paypal IPN class to send data to PayPal. The class has sample code on how to display the hidden form, with a submit button in case JavaScript is disabled.
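One way to implement the flow described above, as an added example that is neither the answerer's code nor Micah Carrick's class: the amount is validated and routed on the server, and the PayPal branch renders a hidden, HTML-escaped form that submits itself. The function names `parse_amount_cents()`, `route_payment()` and `paypal_redirect_form()`, the invoice id and the sample inputs are assumptions.

```php
<?php
// Added example: server-side routing of the "Paying Page" amount.
// Hypothetical names: parse_amount_cents(), route_payment(), paypal_redirect_form().

// Accept only plain positive amounts such as "7", "7.5" or "7.50"; return cents or null.
function parse_amount_cents($raw)
{
    if (!is_string($raw) || !preg_match('/^(\d{1,5})(?:\.(\d{1,2}))?\z/', trim($raw), $m)) {
        return null;
    }
    $cents = (int) $m[1] * 100 + (isset($m[2]) ? (int) str_pad($m[2], 2, '0') : 0);
    return $cents > 0 ? $cents : null;
}

// Decide on the server which case applies; the browser never makes this decision.
function route_payment($rawAmount, $creditCents)
{
    $cents = parse_amount_cents($rawAmount);
    if ($cents === null) {
        return array('action' => 'invalid');
    }
    if ($cents <= $creditCents) {
        // Case 1: enough credit, only the database is updated.
        return array('action' => 'credit', 'remaining' => $creditCents - $cents);
    }
    // Case 2: send the user to PayPal.
    return array('action' => 'paypal', 'amount' => $cents);
}

// Hidden form for the PayPal case. Every value is set by the server and HTML-escaped;
// $invoiceId refers to a pending invoice row saved before this page is rendered.
function paypal_redirect_form($amountCents, $invoiceId, $business)
{
    $fields = array(
        'cmd'           => '_xclick',
        'business'      => $business,
        'item_name'     => 'Posting job',
        'currency_code' => 'USD',
        'amount'        => number_format($amountCents / 100, 2, '.', ''),
        'custom'        => (string) $invoiceId,
    );
    $html = '<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" id="payPalForm">' . "\n";
    foreach ($fields as $name => $value) {
        $html .= '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
               . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">' . "\n";
    }
    // Visible button for browsers with JavaScript disabled, then the automatic submit.
    $html .= '<input type="submit" value="Continue to PayPal">' . "\n</form>\n";
    $html .= '<script>document.getElementById("payPalForm").submit();</script>' . "\n";
    return $html;
}

// Constructed inputs: the user has 5.00 of credit (500 cents).
foreach (array('3', '5.00', '7.5', '-1', '7abc') as $input) {
    $route = route_payment($input, 500);
    echo str_pad($input, 8), ' => ', $route['action'], "\n";
}
// Constructed invoice id and seller address for the PayPal case.
echo paypal_redirect_form(750, 1001, 'seller@example.com');
```

Because the buyer can still edit the hidden form before it is posted, the pending invoice referenced by custom is what the IPN handler compares mc_gross against.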