Can I rely solely on Paypal IPN to record purchases?
I'm setting up a simple 'buy now' transaction from a website with these major steps:
- Choose a product from the price list
- Review the selection (amount, tax, etc.)
- Process the payment on Paypal
- Receipt / thank you
At the moment, I'm storing a database record in step 2 - which potentially means there will be a number of records where no payment is received as people decide not to go ahead with their purchase after all. These records are of no real use since I'll use Google Analytics to track how successful the checkout flow is.
I'm using Paypal IPN to verify the authenticity of the payments and log them against the records inserted at step 2 - however, could I feasibly rely solely on the data from the IPN transactions to populate the database in the first place, thus removing the need to store them at step 2 and have to do database cleanup to remove transactions that never completed?
I personally can see no reason why I wouldn't - the IPN contains all the data I need about the payment and probably more besides, and Paypal will resend IPNs for several days if they don't go through first time due to server glitchery, but am I missing anything else important?
Obviously the number one consideration is that no transactions get lost or aren't logged so that no customer unhappiness ensues!
Recommended answer
It's important to do a 2 way validation like you have.
You save the order info (total, quantity) before the user leaves your system towards paypal. When the ipn comes back you validate the request (it must be from paypal ip or whatever), you validate that it's a successful transaction, then your step 2 enters the scene. You validate if the total returned from the paypal ipn is the same as the total that was saved before the user left (Paypal sometimes may return partial payments, the user may grab the post data and do his own post from a modified html with a lower total set). Step 2 should also store the user_id of the buyer so you must compare that too.
Here's a sample layer (no programming language, just dummy code):
    if request comes from paypal:
        # query the order
        if order.total == request.total && order.user_id == request.custom:
            payment may come in...
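The checks from the answer above, written out as an added Python example (not part of the original answer). The function name `handle_ipn`, the in-memory `ORDERS` store, the injected `verify` callable and the use of the IPN `invoice` field to carry the order id are assumptions made for illustration; it also rejects replayed `txn_id` values, since IPNs can be resent.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data: pending orders saved at step 2, keyed by order id.
ORDERS = {"1001": {"total": Decimal("24.99"), "currency": "USD",
                   "user_id": "42", "paid": False}}
SEEN_TXNS = set()  # txn_id values already processed (IPNs can be resent)


def handle_ipn(params, verify, orders=ORDERS, seen=SEEN_TXNS):
    """Return (accepted, reason) for one IPN message.

    params: dict of the POSTed IPN fields.
    verify: callable returning True only if PayPal confirms the message,
            e.g. by posting it back with cmd=_notify-validate and getting
            VERIFIED (injected here so the example runs offline).
    """
    if not verify(params):
        return False, "not verified by PayPal"
    if params.get("payment_status") != "Completed":
        return False, "payment not completed"
    txn_id = params.get("txn_id")
    if not txn_id or txn_id in seen:
        return False, "duplicate or missing txn_id"
    # Assumption: the order id was sent to PayPal in the invoice field.
    order = orders.get(params.get("invoice"))
    if order is None or order["paid"]:
        return False, "unknown or already paid order"
    try:
        paid = Decimal(params.get("mc_gross", ""))
    except InvalidOperation:
        return False, "malformed amount"
    # Compare against what was stored before the buyer left the site,
    # never against values that only appear in the incoming request.
    if paid != order["total"] or params.get("mc_currency") != order["currency"]:
        return False, "amount or currency mismatch"
    if params.get("custom") != order["user_id"]:
        return False, "buyer mismatch"
    seen.add(txn_id)
    order["paid"] = True
    return True, "ok"
```
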