views:

454

answers:

1

Hi , i have quick question, i'm setting up recurring subscriptions for paypal and i can't configure but saved buttons, (not like web_accept where i could define all the vars in the form to send...) so it results a form like this:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="KN7ACTU8MVZNE">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_subscribeCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

so basicaly that identifies a saved button and proceses my request...

now i wish to identify one ID from my cart DB say 1122 send it to paypal and receive it on the postback, on the normal web payments standard i would of send something like:

<input type="hidden" name="custom" value="1122">

and i would of get a ipn notification with that custom var...

Is it still availabe in the subscr_signup version? with saved buttons?

+1  A: 

Yes, except in this case, you can stuff information into the profile_reference field. Actually, I'm not 100% sure that I'm correct, but I figured I'd answer just in case to point you in the right direction.

Mike Sherov
ok meanwhile i've tested, and it results that i do receive on the postback the custom field...what i do to not let the customers change their transacion id is send it with a hash made from some fields and a salt..so i recompose that hash and check it against the original one..pretty neat :)
PartySoft
Yes, never trust data from the custom field unless you can use a hash as you've described. Great point.
Mike Sherov