View Full Version : How can I implement dynamic pricing for a PayPal button?



ghanasyam
09-13-2011, 07:18 AM
I have created a sandbox PayPal account to test the payment transactions. It's a personal account. I have created a Buy Now button which has a fixed price. I want to implement dynamic pricing for this button. Is it possible to edit the current button to implement dynamic pricing? Please help me.

The code is given below.

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="325KDMR5R82CU">
<input type="hidden" name="amount" value="170.00">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

Thanks in Advance
Ghanasyam

jscheuer1
09-13-2011, 08:44 AM
You might not be able to overwrite it with a hosted button (not all inputs of a hosted button can be overwritten but some can, I forget which, but you could always create a 'normal' button and work from there), and it would depend upon what you mean by dynamic. But what you have in your post is what you would do more or less:



<input type="hidden" name="amount" value="170.00">

You would access that and change it via javascript (can be done without page reload, but would essentially allow a savvy user to set their own price) or a server side (more secure) language. Or even just hard code it to a different form element:


<select name="amount">
<option value="170.00">Regular ($170)</option>
<option value="185.00">Deluxe ($185)</option>
</select>

which would give the user the choice.

Exactly what you would do and which language to use depends upon the circumstances under which you want the price to change and upon how secure that needs to be. You could always make changes via javascript but then validate the price via a server side language before actual submission to PayPal.

ghanasyam
09-13-2011, 09:18 AM
Thank you, John, for your support. I made a mistake earlier by adding <input type="hidden" name="amount" value="170.00"> with the button code. It wasn't with the actual code. I added it to check whether I can change the actual fixed amount of 300 USD to 170 USD. By dynamic pricing I mean changing the amount of the PayPal button dynamically. For example, if I enter the price of an item dynamically using a textbox, then the amount of the button should also change. I hope you got the exact requirement.

The actual code of the button was:

<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="325KDMR5R82CU">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">



Thanks in advance

Ghanasyam

jscheuer1
09-13-2011, 02:12 PM
. . . adding <input type="hidden" name="amount" value="170.00"> with the button code. It wasn't with the actual code. I added it to check whether I can change the actual fixed amount of 300 USD to 170 USD . . .

Well, did that experiment work? If so, you can do this:


<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="325KDMR5R82CU">
<label>Name Your Price: <input type="text" name="amount" value="170.00"></label>
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_paynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

But that means that the user could enter, like, 2.00 for a 300.00 item.

And, as I said, I forget whether or not you can change a hosted button in that manner. If not, you have to make a normal button and save its code to your page and change its amount input to the one shown in the above code.

ghanasyam
09-14-2011, 08:46 AM
Thank you, John. My issue is solved. I have created a normal button and avoided the hosted button. Only now have I understood that there are different payment buttons in PayPal. Your advice helped me to search for normal button generation methods.

Thanks

Ghanasyam

traq
09-14-2011, 03:57 PM
Hosting your own button in this way is dangerous: the reason PayPal has hosted buttons is to avoid fraud. I've built dynamic buttons like this before, but I wouldn't feel comfortable doing it without the following precautions:

1) Keep the button on a password-protected page. Limit the number of people who can see the button to people who have registered with you and/or are actually interested in making a purchase. Don't make it available to the general public.

2) MORE IMPORTANTLY, validate each purchase. Keep a database record of each custom button you produce, and use PayPal's IPN (Instant Payment Notifications) and PDT (Payment Data Transfer) APIs to confirm that the details are exactly correct. Reject any transaction that does not exactly match your records, down to the last detail.

By not using PayPal's hosted buttons, you are taking the responsibility for preventing fraud onto yourself. And PayPal will hold you responsible if you accept a fraudulent payment.

djr33
09-14-2011, 11:59 PM
What exactly is fraud in this case? I'm not sure how you could be liable if someone gives you money. (I'm not arguing-- I'd like to know more.)

traq
09-15-2011, 01:07 AM
It's mostly protection on your end, and especially when you have a product that ships automatically (e.g., a file download).
Example:

1) You have a PayPal button in plain HTML, for a $200 product.

2) User looks at the source, reproduces the button with a $2 price.

3) You get the payment notification (which was successful), but don't validate properly.

4) PayPal won't help you. If it comes to legal action and you try to involve them, all they will say is "the payment was successfully completed." You only have $2, but you still owe them the product. You're out $198.

That's the whole reason PayPal has encrypted/hosted buttons: preset transaction details that can't be messed with.
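
An added example, not part of any post in this thread: one way to do the "reject any transaction that does not exactly match your records" check, applied to the $200-paid-as-$2 case above. The order table, merchant email and transaction ids are constructed placeholders; the field names (`invoice`, `mc_gross`, `mc_currency`, `receiver_email`, `payment_status`, `txn_type`, `txn_id`, `item_number`) are standard IPN variables, and the check assumes the site put its own order id in the button's `invoice` field.

```python
from decimal import Decimal, InvalidOperation

# Constructed order table: one row per button the site generated, keyed by the
# value it placed in the button's "invoice" field. All values are made up.
ORDERS = {
    "INV-1001": {"amount": Decimal("200.00"), "currency": "USD",
                 "item_number": "SKU-42", "fulfilled": False},
}
MERCHANT_EMAIL = "seller@example.com"   # placeholder receiving account
SEEN_TXN_IDS = set()                    # stands in for a unique DB column


def check_ipn(ipn, orders=ORDERS, seen=SEEN_TXN_IDS):
    """Return a list of reasons to reject; an empty list means fulfil.

    Call only after PayPal has answered the cmd=_notify-validate postback
    with VERIFIED; that network step is outside this offline example.
    """
    reasons = []
    order = orders.get(ipn.get("invoice", ""))
    if order is None:
        return ["unknown invoice"]
    if ipn.get("payment_status") != "Completed":
        reasons.append("payment not completed")
    if ipn.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        reasons.append("paid to a different account")
    if ipn.get("txn_type") != "web_accept":      # one-off button payment
        reasons.append("unexpected transaction type")
    if ipn.get("mc_currency") != order["currency"]:
        reasons.append("currency mismatch")
    try:
        paid = Decimal(ipn.get("mc_gross", ""))
    except InvalidOperation:
        paid = None                              # unparsable never matches
    if paid != order["amount"]:
        reasons.append("amount mismatch")
    if ipn.get("item_number") != order["item_number"]:
        reasons.append("item mismatch")
    txn = ipn.get("txn_id")
    if not txn or txn in seen or order["fulfilled"]:
        reasons.append("missing or replayed transaction")
    if not reasons:                              # record only clean payments
        seen.add(txn)
        order["fulfilled"] = True
    return reasons
```

Shipping the product only when the returned list is empty is what keeps a "successful" $2 payment from releasing a $200 item.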

djr33
09-15-2011, 04:17 AM
I see. So the issue is that someone could unfairly pay you the wrong amount. I thought you were suggesting there was more of a problem than just the amount of money. That's of course a major problem though.

jscheuer1
09-15-2011, 05:43 AM
But not as I understand it here. That's because the original question (though I advised against it) was how to let the user set the price.

djr33
09-15-2011, 05:50 AM
If you're happy to let the user set the price then you must be happy with any price they set, from $1 to $1000 or above. There's no way to limit it if they do have access to submit a custom value in any way.
For a donation system, for example, this would be perfect. But I agree with traq: use it with caution.

Even if your Javascript or HTML (as in a select input) attempts to limit the number of options available, it can be faked by overriding the script or submitting from an alternative page (one that the user controls and generally resembles your form). The reason I am emphasizing this is that above there's an example of $170 and $185. Those are close, so maybe that's fine, but realize that there's nothing preventing a marginally creative user from changing those entirely to any other value.

jscheuer1
09-15-2011, 02:43 PM
Well yes, but I did suggest that the form be validated server side before sending to PayPal.

However, the point deserves emphasis. Once you let your users see the form, they can copy it, make their own page with an altered version of it and submit that to PayPal on their own.

I'm not sure of this, but they may even be able to make a refund or payment form and have your account send them money.

traq
09-15-2011, 05:53 PM
Server-side validation before sending to PayPal would be difficult: the button is designed to submit directly to PayPal. You'd have to re-POST the form (using cURL, for example). I don't know how much checking PayPal does, but you might need to include things like the UA string...?

Refunding would be complex; I'm not sure it would be possible.

Changing the product or term (e.g., getting a recurring payment approved as a single payment) would also certainly be possible.

jscheuer1
09-22-2011, 04:12 PM
I imagine server side validation would be difficult. Like a form that submits to a PHP script that validates it. If valid it sends the info to PayPal, if not it dumps you back to the initial form with advice as to why it didn't go through. Even so, it might be possible for the intrepid hacker to find the PayPal form somewhere in that and make a copy of it for their own purposes.

And, all of the warnings in this thread are worthwhile considering.

But the original question was for how do you make a name your own price form. If that's what they really want, then whatever they're selling - one would hope it is a donation button, would be by definition something that could go for a penny or a million. Or it could be a contract. The amount paid determines the length of time/amount of services. That could work too.

djr33
09-22-2011, 08:04 PM
Haha. I like that idea, John. Maybe it's for selling water. $.01 is one drop, and $1 million is for a lake or two. It's not a bad idea in general though.

Anyway, the problem is that submitting to PayPal must be client side. And a form cannot be submitted to two locations, nor can a form be forwarded by the server. There could be a POST request made using PHP (such as the curl() functions) but that would not allow the user to log in to their PayPal account, defeating the purpose. So unless customers are willing to give their PayPal passwords to this website, that can't work. (And PayPal probably tries to block automated requests.)

If you must have this sort of setup, it's probably best to look into a locally hosted credit card solution, or asking PayPal about more complicated integration (for a higher fee, I imagine).

If there is no concern at all about what that amount can be, such as for donations, then that's fine.

traq
09-22-2011, 11:36 PM
I think it could be done, but it would be complicated. There are a few issues I can't immediately imagine a solution for. But I'm not going to bother, since there is already a method in place for validating the payment after-the-fact (IPN and PDT).