Update Database On Page Load

5 posts by 2 authors in: Forums > CMS Builder
Last Post: January 24, 2011

Hi all,

Just checking to see if I’ve missed anything.

My client wants to charge a registration fee to create a database record for new potential students. She wants to refund the registration fee (only once) if a student signs up and pays for a class.

Here’s the logic I’m using:

1) When the parent of a potential student wants to register, they first pay a small registration fee. On submission of the application, a checkbox in the accounts database called “refund registration fee” is automatically set to “1”.

2) When a parent goes to the pay tuition (through PayPal) page, if the “refund_registration_fee” checkbox = 1, the tuition fee reflects the refund.

3) The parent is automatically redirected to a thank you page.

When the thank you page loads, if the value of the refund registration fee field is “0”, the field is automatically reset to “0”.

I’m using the following code after the record calls at the top of the viewer to accomplish step 3, but wanted to ask if anyone found something that ought to be changed before I take the page live.

Thanks for looking,

Jerry Kornbluth

<?php if ($CURRENT_USER ['registration_fee_refund'] == 1): ?>

<?php mysqlStrictMode(false);
$query = "UPDATE `{$TABLE_PREFIX}accounts` SET
registration_fee_refund = 0
WHERE num = '".mysql_escape( $CURRENT_USER['num'] )."'";
mysql_query($query) or die("MySQL Error:<br/>\n". htmlspecialchars(mysql_error()) . "\n");
$userNum = mysql_insert_id();

?>

<?php endif ?>

The first CMS Builder reference book is now available on-line!
Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

Re: [gkornbluth] Update Database On Page Load

By Jason - January 21, 2011

Hi Jerry,

So this code is found on the "Thank you" page? There are a few small things I noticed.

First, you won't need this line:
$userNum = mysql_insert_id();

The user number hasn't changed and is still accessible from $CURRENT_USER['num']

I can't see the rest of the code on the page, but a potential security issue with your page would be if someone went directly to the thank you page url without first going through the paypal script. In that case, their registration_fee_refund value would be set to 0 without an actual transaction taking place. You should put some code at the top of the page that exits the script if you haven't received info from the paypal script.

The code itself looks fine as it will reset the value.

Hope this helps. Let me know if you have any other questions.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Update Database On Page Load

By gkornbluth - January 21, 2011 - edited: January 21, 2011

Thanks Jason,

I'll take out the $userNum = mysql_insert_id();

What are your thoughts if I changed the name of the page to something less easy to come across?

The code currently operates only if a member is logged in. (Parents have to be logged in to access the payment pages anyway.)

Regarding PayPal feedback, unfortunately, I haven't gotten too involved with IPN yet, although I'd really like to integrate that with CMSB.

Again, THANKS!!

We couldn't do most of this without you guys...

Jerry

Re: [gkornbluth] Update Database On Page Load

By Jason - January 24, 2011

Hi Jerry,

Just being logged in wouldn't be enough, since a person could log in and then type in the address for the thank you page and then have their record changed. This is probably unlikely, but it's a potential issue.

One thing you could try to do for now would be to put a variable in your url when you redirect to the thank you page like this:

thankYou.php?paymentComplete=1

Then, in your thank you page you can put in this check.

// Stop unless the redirect URL carried paymentComplete=1
if (@$_REQUEST['paymentComplete'] != 1) {
  die("Error! You must complete your payment before coming to this page!");
}

Once you have a script that takes in feedback from paypal, you can have the change happen in that script instead of your thank you page. Then you won't have to worry about that issue.

Hope this helps.
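The last suggestion in the thread, moving the reset into the script that receives PayPal's feedback, sketched as an added example; it is not code from the thread or from CMS Builder. The function and variable names, the sample values, and the use of PayPal's `custom` pass-through field to carry the account num are assumptions, and the listener's `cmd=_notify-validate` postback is represented only by its reply string.

```php
<?php
// Added example: decides whether a PayPal IPN message may clear the refund flag.
// $verifyReply is PayPal's answer to the listener's cmd=_notify-validate
// postback ("VERIFIED" or "INVALID"); the HTTP call itself is omitted here.
// Hypothetical names: refundClearTarget(), $expected, $seenTxnIds.
function refundClearTarget(array $ipn, string $verifyReply, array $expected, array $seenTxnIds): ?int
{
    if ($verifyReply !== 'VERIFIED') return null;                       // not confirmed by PayPal
    if (($ipn['payment_status'] ?? '') !== 'Completed') return null;    // pending, refunded, ...
    if (strcasecmp($ipn['receiver_email'] ?? '', $expected['receiver_email']) !== 0) return null;
    if (($ipn['mc_currency'] ?? '') !== $expected['currency']) return null;
    $cents = (int) round(((float) ($ipn['mc_gross'] ?? 0)) * 100);
    if ($cents !== $expected['amount_cents']) return null;              // wrong amount paid
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) return null;  // replayed notification
    $num = $ipn['custom'] ?? '';                                        // assumed: account num sent as "custom"
    return ctype_digit($num) ? (int) $num : null;                       // account to update
}

// Constructed sample data (not real transactions).
$expected = ['receiver_email' => 'school@example.com', 'currency' => 'USD', 'amount_cents' => 18500];
$seen     = ['TXN-OLD-1'];
$good = ['payment_status' => 'Completed', 'receiver_email' => 'school@example.com',
         'mc_gross' => '185.00', 'mc_currency' => 'USD', 'txn_id' => 'TXN-NEW-2', 'custom' => '42'];

$cases = [
    'verified, complete payment' => [$good, 'VERIFIED'],
    'PayPal replied INVALID'     => [$good, 'INVALID'],
    'payment still pending'      => [['payment_status' => 'Pending'] + $good, 'VERIFIED'],
    'underpaid'                  => [['mc_gross' => '1.00'] + $good, 'VERIFIED'],
    'txn_id already processed'   => [['txn_id' => 'TXN-OLD-1'] + $good, 'VERIFIED'],
];
foreach ($cases as $label => [$ipn, $reply]) {
    $num = refundClearTarget($ipn, $reply, $expected, $seen);
    // Only when $num is not null would the listener run the thread's
    // UPDATE ... SET registration_fee_refund = 0 WHERE num = $num.
    printf("%-28s => %s\n", $label, $num === null ? 'leave flag unchanged' : "clear flag for account $num");
}
```

Because the decision rests on PayPal's server-to-server notification rather than on anything in the browser's request, loading the thank you page directly (with or without `paymentComplete=1`) no longer changes the record.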