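The file code below (Credits) adds credits to the website User account, after a purchase, via PayWithAmazon button, on the web site. Although I know this is not the best code, it works successfully, but I was told it had issues with not checking the return parameters. Based on that feedback, I then installed this: https://github.com/amzn/pay-with-amazon-express-demo/tree/master/php, which succeeds with a sandbox payment, but of course, doesn't add credits to the User account. So, I'm wondering if it's possible to combine parts of Credits file and get it to work together with the Amazon file, in order to successfully (and more securely) complete a payment and add credits to the User account. Any guidance will be greatly appreciated.

Credits File:

<?php
/// - Database Information
// NOTE(review): ext/mysql (the mysql_* functions) was removed in PHP 7.0 and has no
// prepared statements, so every value placed in SQL below is cast or escaped by hand.
// Porting to mysqli or PDO with bound parameters is the durable fix.
$dbhost = 'localhost';
$dbuser = '......';
$dbpass = '......';
$dbname = '......';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);
/////////////////////////////////////////////////////////////////////////////////////////

/**
 * Return the user_name stored in member_profile for a user id.
 *
 * @param mixed $id User id; cast to int before it is placed in the query.
 * @return string|null user_name of the matching row, or null when no row matches.
 */
function getUsername($id)
{
    $id = (int) $id;
    $sql1 = "SELECT * FROM member_profile WHERE user_id = $id";
    $query1 = mysql_query($sql1);
    if ($query1 === false) {
        // Keep driver errors in the server log instead of echoing them to the client.
        error_log(mysql_error());
        die('Database error');
    }
    $result = mysql_fetch_array($query1);
    return $result ? $result['user_name'] : null;
}

// NOTE(review): no exit follows this header, so the rest of the script still runs
// after the redirect has been queued.
header('Location: ../index.php');

include_once ('../classes/config.php');
include ('../classes/functions.php');
include_once ('../classes/sessions.php'); //gives us access to the user's cookies for validation

// NOTE(review): nothing in this file proves that a payment took place. The amount is
// read from the query string and credits are granted on that value alone, and loading
// the same URL again grants them again. Before any credit is written, the server-side
// return handler should validate the signature on Amazon's return parameters (the
// Express demo linked in the post is the reference for that step), take the amount
// from the verified data, and store an order identifier from the verified response so
// that each order is credited once.

// Assumes $user_id (set by the includes above) is an integer id -- TODO confirm.
$user = (int) $user_id;
if ($user <= 0) {
    // No usable user id: write nothing. The redirect header above is already queued.
    exit;
}

$price = 0;
if (isset($_GET['amount']) && is_numeric($_GET['amount'])) {
    $price = $_GET['amount'];
}

$username = getUsername($user);
// $price passed is_numeric() or is the literal 0, so it cannot carry a quote into the INSERT.
$backp = $price;

switch ($price) {
    case .10:
        $credits = 20;
        break;
    case .20:
        $credits = 40;
        break;
    case .30:
        $credits = 60;
        break;
    default:
        $credits = 0;
}

// user_name comes back from the database and may contain quotes; escape it before reuse.
$safe_username = mysql_real_escape_string((string) $username);
$sql2 = "INSERT INTO purchases (id, type, user_id, vid_id, date, name, uploader, uploaderID, title, amount, videoid, descr, promo)
         VALUES ('', 'purchase', '$user', '0', CURDATE(), '$safe_username', 'none', 'none', 'none', '$backp', 'none', 'Purchased via Amazon', 'none')";
$query2 = mysql_query($sql2);
if ($query2 === false) {
    error_log(mysql_error());
}

$sql1 = "SELECT * FROM credits WHERE user_id = $user";
$query1 = mysql_query($sql1);
// Fetch before deciding whether a row exists, so a failed query and an empty result
// are both handled and $old is never read from an empty result set.
$old = $query1 ? mysql_fetch_array($query1) : false;

// =========================================================
// If no credits record was found for this user, insert a blank one.
// This may be unnecessary considering an entry is made upon initial user registration.
// =========================================================
if (!$old) {
    $sql1_I = "INSERT INTO credits (user_id) VALUES ($user)";
    $query1_I = mysql_query($sql1_I);
    if ($query1_I === false) {
        error_log(mysql_error());
        die('Database error');
    }
    $old = array('total_credits' => 0, 'total_purchases' => 0);
}

// Still computed as in the original; code outside this file may read them (unverified).
$balance = $old['total_credits'] + $credits;
$purchases = $old['total_purchases'] + 1;

// Increment inside the UPDATE itself so two requests arriving together cannot overwrite
// each other's totals. COALESCE covers a freshly inserted row whose counters are NULL.
$sql = "UPDATE credits
        SET user_id=$user,
            total_credits=COALESCE(total_credits, 0) + $credits,
            pending_credits=0,
            last_purchase=CURDATE(),
            total_purchases=COALESCE(total_purchases, 0) + 1
        WHERE user_id=$user";
$query = mysql_query($sql);
if ($query === false) {
    error_log(mysql_error());
}

// NOTE(review): $user_theme is set by the included files and is used in a file path;
// confirm it is restricted to known theme names.
$template = "../themes/$user_theme/templates/main_1.htm";
$inner_template1 = "../themes/$user_theme/templates/inner_amazon_success.htm"; //middle of page

$TBS = new clsTinyButStrong;
$TBS->NoErr = true; // no more error message displayed.
$TBS->LoadTemplate("$template");
$TBS->MergeBlock('mp', $members_full);
$TBS->Render = TBS_OUTPUT;
$TBS->Show();
?>

PHP:

And here's the Amazon File:

<html>
<head>
<script>
    // Return the value of one query-string parameter of the current URL, or "" if absent.
    function getParameterByName(name) {
        name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
        var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
            results = regex.exec(location.search);
        return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
    }

    // NOTE(review): resultCode and failureCode are read from the query string in the
    // browser, so they only decide which page the buyer lands on. They are not evidence
    // of payment; the server-side page behind successUrl has to validate the forwarded
    // parameters before anything is credited.

    // Get the value for the resultCode from the URL
    var resultCode = getParameterByName('resultCode');
    // If the resultCode is failure then this parameter will contain the reason code
    var failureCode = getParameterByName('failureCode');
    // Get all the parameters as is from the URL
    var urlParams = '?' + window.location.search.substring(1);

    /* If the Order was a success then redirect the User to the Success URL.
     * BUYER_ABANDONED_URL - URL where the buyer is sent when they abandon the order.
     * FAILURE_URL - For all other Failure scenarios the Buyer is sent here.
     */
    if (resultCode === 'Success') {
        var successUrl = 'https://www.....com/payment/amazon/Success.php';
        window.location.href = successUrl + urlParams;
    } else if (resultCode === 'Failure' && failureCode === 'BuyerAbandoned') {
        var abandonUrl = 'https://www......com/payment/amazon_failure.php';
        window.location.href = abandonUrl + urlParams;
    } else if (resultCode === 'Failure' && failureCode === 'AmazonRejected') {
        var failureUrl = 'https://www......com';
        window.location.href = failureUrl + urlParams;
    } else if (resultCode === 'Failure' && failureCode === 'TemporarySystemIssue') {
        var tempIssueUrl = 'https://www......com';
        // Use the URL declared in this branch; failureUrl is undefined here.
        window.location.href = tempIssueUrl + urlParams;
    }
</script>
</head>
<body></body>
</html>

Code (markup):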