print string

Everything in the code works until this print string

print '<script>window.location="https://www.paypal.com/xclick/business=' . urlencode($paypal_email) . '&item_name=' . urlencode("Link") . '&item_number=' . urlencode(1) . '&amount=' . urlencode($sql->price) . '&no_shipping=1&return=' . paypalURL($full_url_to_the_path. "/add_link") . '&no_note=1&currency_code=' . urlencode($currency) . '&lc=' . urlencode($paypal_country_code) . '&notify_url=' . paypalURL($paypal_notify_url) . '&custom=' . $newid . '&on0=Url&os0=' . paypalURL($url) . '"</script>';

Code (markup):

What the heck is the problem?

 

ran it on my own machine, works fine with the paypalURL functions changed to print, i'm guessing the problem is not with the string itself.

 

Ok, I post the whole code thing then..

<? include("config.php");

$sql = mysql_query("SELECT price, numbern, duration_number, duration_type, manual_or_not FROM ".$prefix."linksale_prefs WHERE ID=1") or die(mysql_error(). " e75859397634908398479306497857428747");
$sql = mysql_fetch_object($sql);


if ($_POST['anchor'] && $_POST['URL'])
{
   $gid = mysql_fetch_assoc(mysql_query("select max(id) as maxid from ".$prefix."links where url = '" . addslashes($_POST['url']) . "' limit 1"));
   $newid = $gid['maxid'];
   $anchor = mysql_real_escape_string($_POST['anchor']);
   $url = mysql_real_escape_string($_POST['URL']);
   // $time_submitted=mysql_real_escape_string($_POST['URL']);
   $ip = $_SERVER['REMOTE_ADDR'];
   mysql_query("INSERT INTO ".$prefix."links (hreftext, url, time_submitted, ip) VALUES ('$anchor', '$url', NOW(), '$ip')") or die(mysql_error(). "e74538746284562994528452846");
   print "cff";
print '<script>window.location="https://www.paypal.com/xclick/business=' 
	. urlencode($paypal_email) 
	. '&item_name=' 
	. urlencode("Link") 
	. '&item_number=' 
	. urlencode(1) 
	. '&amount=' 
	. urlencode($sql->price) 
	. '&no_shipping=1&return=' 
	. paypalURL($full_url_to_the_path. "/add_link") 
	. '&no_note=1&currency_code=' 
	. urlencode($currency) 
	. '&lc=' 
	. urlencode($paypal_country_code) 
	. '&notify_url=' 
	. paypalURL($paypal_notify_url) 
	. '&custom=' 
	. $newid 
	. '&on0=Url&os0=' 
	. paypalURL($url) . ';"</script>';
}

?>

Code (markup):

All I get is a blank page with ''cff". The database adding went just fine.. the only thing that don't work is the paypal string.

 

try this

<? include("config.php");

$sql = mysql_query("SELECT price, numbern, duration_number, duration_type, manual_or_not FROM ".$prefix."linksale_prefs WHERE ID=1") or die(mysql_error(). " e75859397634908398479306497857428747");
$sql = mysql_fetch_object($sql);


if ($_POST['anchor'] && $_POST['URL'])
{
   $gid = mysql_fetch_assoc(mysql_query("select max(id) as maxid from ".$prefix."links where url = '" . addslashes($_POST['url']) . "' limit 1"));
   $newid = $gid['maxid'];
   $anchor = mysql_real_escape_string($_POST['anchor']);
   $url = mysql_real_escape_string($_POST['URL']);
   // $time_submitted=mysql_real_escape_string($_POST['URL']);
   $ip = $_SERVER['REMOTE_ADDR'];
   mysql_query("INSERT INTO ".$prefix."links (hreftext, url, time_submitted, ip) VALUES ('$anchor', '$url', NOW(), '$ip')") or die(mysql_error(). "e74538746284562994528452846");
   print "cff";
$link = "Link";
$fullpath = $full_url_to_the_path. "/add_link"

print '<script>window.location="https://www.paypal.com/xclick/business=' 
	. urlencode($paypal_email) 
	. '&item_name=' 
	. urlencode($link) 
	. '&item_number=' 
	. urlencode(1) 
	. '&amount=' 
	. urlencode($sql->price) 
	. '&no_shipping=1&return=' 
	. paypalURL($fullpath) 
	. '&no_note=1&currency_code=' 
	. urlencode($currency) 
	. '&lc=' 
	. urlencode($paypal_country_code) 
	. '&notify_url=' 
	. paypalURL($paypal_notify_url) 
	. '&custom=' 
	. $newid 
	. '&on0=Url&os0=' 
	. paypalURL($url) . '";</script>';
}

?>

Code (markup):

 

I have also try this code at my server and it works

<? include("config.php");

$sql = mysql_query("SELECT price, numbern, duration_number, duration_type, manual_or_not FROM ".$prefix."linksale_prefs WHERE ID=1") or die(mysql_error(). " e75859397634908398479306497857428747");
$sql = mysql_fetch_object($sql);


if ($_POST['anchor'] && $_POST['URL'])
{
   $gid = mysql_fetch_assoc(mysql_query("select max(id) as maxid from ".$prefix."links where url = '" . addslashes($_POST['url']) . "' limit 1"));
   $newid = $gid['maxid'];
   $anchor = mysql_real_escape_string($_POST['anchor']);
   $url = mysql_real_escape_string($_POST['URL']);
   // $time_submitted=mysql_real_escape_string($_POST['URL']);
   $ip = $_SERVER['REMOTE_ADDR'];
   mysql_query("INSERT INTO ".$prefix."links (hreftext, url, time_submitted, ip) VALUES ('$anchor', '$url', NOW(), '$ip')") or die(mysql_error(). "e74538746284562994528452846");
   print "cff";

print "<script>window.location=\"https://www.paypal.com/xclick/business=" 
	. urlencode($paypal_email) 
	. "&item_name=" 
	. urlencode(\"Link\") 
	. "&item_number=" 
	. urlencode(1) 
	. "&amount=" 
	. urlencode($sql->price) 
	. "&no_shipping=1&return=" 
	. paypalURL($full_url_to_the_path. \"/add_link\") 
	. "&no_note=1&currency_code=" 
	. urlencode($currency) 
	. "&lc=" 
	. urlencode($paypal_country_code) 
	. '&notify_url=' 
	. paypalURL($paypal_notify_url) 
	. "&custom=" 
	. $newid 
	. "&on0=Url&os0=" 
	. paypalURL($url) . "\";</script>";
}

?>

Code (markup):

 

Being the paranoid fool I am , I don't think you should leave the paypal redirection stuff to the client. He can just modify the URL, using Opera's Source Editing function. He can change the amount to... say $0.01 . I don't know if you are verifying it or anything. You COULD use cURL (http://www.php.net/curl ) to fetch the paypal URL and display it. That way, any bad guys won't be able to tamper with your system .

Just my $0.02 .
Thomas

 

PinoyIto , thanks but it doesn't work

coderlinks, I can check up the payed amount on my paypal file later on anyway.. however.. thanks for the advice!