1
我正在将paypal支付网关集成到site.After成功支付后,我将其重定向到success.php文件。在success.php文件中,我包含了所有插入参数和成功消息。在付款后它正在重定向到success.php文件,但显示付款失败的消息并且没有数据被插入到数据库中。以下是我的success.php页面代码paypal支付网关集成
<?php
include 'dbConfig.php';
//Get payment information from PayPal
$item_number = $_GET['item_number'];
$txn_id = $_GET['tx'];
$payment_gross = $_GET['amt'];
$currency_code = $_GET['cc'];
$payment_status = $_GET['st'];
//Get product price from database
$productResult = $db->query("SELECT price FROM products WHERE id = = '".$item_number."'");
$productRow = $productResult->fetch_assoc();
$productPrice = $productRow['price'];
if(!empty($txn_id) && $payment_gross == $productPrice){
//Check if payment data exists with the same TXN ID.
$prevPaymentResult = $db->query("SELECT payment_id FROM payments WHERE txn_id = '".$txn_id."'");
if($prevPaymentResult->num_rows > 0){
$paymentRow = $prevPaymentResult->fetch_assoc();
$last_insert_id = $paymentRow['payment_id'];
}else{
//Insert tansaction data into the database
$insert = $db->query("INSERT INTO payments(item_number,txn_id,payment_gross,currency_code,payment_status) VALUES('".$item_number."','".$txn_id."','".$payment_gross."','".$currency_code."','".$payment_status."')");
$last_insert_id = $db->insert_id;
}
?>
<h1>Your payment has been successful.</h1>
<h1>Your Payment ID - <?php echo $last_insert_id; ?></h1>
<?php }else{ ?>
<h1>Your payment has failed.</h1>
<?php } ?>
什么,我做错了什么?
没有为一个准备好的语句。你[开放给SQL注入](http://stackoverflow.com/documentation/php/5828/pdo/2685/preventing-sql-injection-with-parametrized-queries) – Machavity