Software, your way.
How To Get Good Custom Software
(Download)
(PDF)
burger menu icon
WillMaster

WillMaster > LibraryManaging Website Forms

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

PayPal Form Without PayPal ID

A friend had a client who did not have (or was unable to find) their PayPal Merchant ID.

So, instead of a merchant ID, the friend's client used their PayPal email address in their PayPal payment form — right where spambots can find it.

When a PayPal form is submitted, PayPal needs to know who is getting paid. The PayPal Merchant ID is generally used in the form.

For at least some PayPal forms, perhaps all of them, the email address of the person being paid can be used instead of a merchant ID. But doing that means the email address is findable in the web page source code.

The solution can be implemented for your PayPal payment forms if the forms contain a hidden field name="business" with a value of either your PayPal Merchant ID or your PayPal email address.

When the solution is implemented, the PayPal payment form requires neither a merchant ID nor an email address. Instead, the form information is sent through a relay script, which adds the id or address on-the-fly.

This is how it works.

  1. Customize the relay script found later in this article. Upload it to your server and make a note of its URL.

  2. Remove the hidden field name="business" from the PayPal form on your website that you are updating. And make the form submit to the URL of the relay script.

Whatever is sent to the relay script is also sent to PayPal when the information is relayed to them.

The Relay Script

Here is the relay script. Customization notes follow. 

<?php
/*
    Form to PayPal
    Version 1.0
    August 25, 2020
    Will Bontrager Software LLC
    https://www.willmaster.com/
*/

/* Customizations */

// Specify your PayPal email address or PayPal Merchant ID.
$BusinessID = "name@example.com";

// Specify where the relay-to-PayPal CSV-formatted log should be at (blank for no log file).
$LogFileLocation = "PayPalOrders.csv";

/* End of customization. */

if( empty($_POST) and (count($_POST)<2) ) { echo 'Inappropriate Access'; exit; }
mb_regex_encoding('UTF-8');
mb_internal_encoding('UTF-8');
date_default_timezone_set('UTC');
if( empty($LogFileLocation) ) { $LogFileLocation = false; }
else
{
   if( strpos($LogFileLocation,'/')===0 ) { $LogFileLocation = $_SERVER['DOCUMENT_ROOT'] . $LogFileLocation; }
   else
   {
      if( strpos($LogFileLocation,'./')===0 ) { $LogFileLocation = substr($LogFileLocation,2); }
      elseif( strpos($LogFileLocation,'../')===0 ) { $LogFileLocation = substr($LogFileLocation,3); }
      $LogFileLocation = __DIR__ . "/$LogFileLocation";
   }
}
$LogLine = array();
$LogLine[] = str_replace('"','""',date('r'));
$LogLine[] = $_SERVER['REMOTE_ADDR'];
$items = array();
$items[] = 'business='.rawurlencode($BusinessID);
foreach( $_POST as $k => $v )
{
   $kk = stripslashes($k);
   $vv = stripslashes($v);
   $LogLine[] = str_replace('"','""',"$kk=$vv");
   $kk = rawurlencode($kk);
   $vv = rawurlencode($vv);
   $items[] = "$kk=$vv";
}
$PayPalURL = 'https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&'.implode('&',$items);
if( $LogFileLocation ) { file_put_contents($LogFileLocation,'"'.implode('","',$LogLine)."\"\n",FILE_APPEND); }
if( headers_sent() ) { echo "<script>location.href='$PayPalURL'</script>"; }
else { header("Location: $PayPalURL"); }
exit;
?>

Customization notes —

There are two places to customize, your identification for PayPal and, optionally, the location of the log file.

  1. Replace name@example.com with either your PayPal email address or your PayPal Merchant ID.

    As of this writing, here is how to find your merchant ID at your PayPal control panel/dashboard (assuming desktop/laptop computer, mobile device may be different):

    1. Log into your merchant control panel at PayPal.

    2. Near the top-right of the page, under your login name, tap on "Account Settings".

    3. When the new page has loaded, you'll find "Business Information" on the left menu. Tap that.

    4. The PayPal Merchant ID is on the Business Information page.

  2. PayPalOrders.csv is the location of the log file (a CSV file). It logs every form submission that sends information to this script.

    If you wish a different name or location, change PayPalOrders.csv accordingly. To turn off logging, remove the PayPalOrders.csv value.

Installation

First, the relay script needs to be uploaded.

  1. Name the customized relay script paypalsupport.php or other *.php file name you prefer.

  2. Upload paypalsupport.php to your server and make a note of its URL.

Then, your PayPal form needs to be modified.

  1. Change the form tag's action attribute from the PayPal URL to the URL of the paypalsupport.php script.

  2. Remove the hidden field that currently contains your email address or PayPal Merchant ID.

That's it. You should be good to go.

Test it, of course. Little errors can creep in, typing errors for example.

Make certain it works as expected —

  • No errors with the relay script.
  • The PayPal destination responds with the correct item name and price.
  • The thank-you page comes up after payment (assuming you assigned one at your PayPal form).

Test the entire purchase process.

When it passes, your PayPal form is submitted to the paypalsupport.php script. The paypalsupport.php script adds your PayPal Merchant ID or your PayPal email address. Then all that information (the form information and your PayPal identification) is sent to PayPal.

Optionally, the paypalsupport.php script also logs the form submission.

The payer is taken to PayPal to arrange payment for you, just like the payer would expect.

(This article first appeared with an issue of the Possibilities newsletter.)

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

More "Managing Website Forms" Articles

Strong Form Protection From Bots

Multi-Select Scrolling List Box

Verifying Two Form Fields Have Identical Content

Other Recent Articles from the Library

Keeping Image Location Secret

Easier Reading of JSON Data

Fixed Position Image

Visually Centering Images

Cookie Directory Protection

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC