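// Record a PayPal IPN notification as a payment row.
// NOTE(review): the closing "} else {" further down and the "Verified IPN" log
// line suggest this runs inside the branch taken when the postback result $res
// was VERIFIED; that condition starts outside this excerpt -- confirm.
// "?? ''" keeps a missing field from raising an undefined-index warning.
$payment_status = $_POST['payment_status'] ?? '';
$payment_amount = $_POST['mc_gross'] ?? '';
$payment_currency = $_POST['mc_currency'] ?? '';
$txn_id = $_POST['txn_id'] ?? '';
$receiver_email = $_POST['receiver_email'] ?? '';
$payer_email = $_POST['payer_email'] ?? '';

include "dbcontroller.php";
$db = new DBController();

// check whether the payment_status is Completed
$isPaymentCompleted = ($payment_status === "Completed");

// txn_id is interpolated into SQL text below, so it is accepted only when it is
// a plain alphanumeric string; anything else is treated as "not processable"
// and never reaches the database.
// NOTE(review): the allowlist (letters/digits, up to 64 chars) is an assumption
// about PayPal transaction ids -- confirm. If DBController offers bound
// parameters, prefer them over interpolation for every query here.
$isWellFormedTxnId = is_string($txn_id)
    && preg_match('/\A[A-Za-z0-9]{1,64}\z/', $txn_id) === 1;

// check that txn_id has not been previously processed
$isUniqueTxnId = false;
$result = null;
if ($isWellFormedTxnId) {
    // NOTE(review): this reads table "payments" while the INSERT below writes
    // table "payment"; if that is a typo the duplicate check never matches and
    // a replayed IPN is recorded again -- confirm the table name.
    $result = $db->selectQuery("SELECT * FROM payments WHERE txn_id = '{$txn_id}'");
    $isUniqueTxnId = empty($result);
}

// check that receiver_email is your PayPal email
// NOTE(review): this check is not implemented; $receiver_email is read but never
// compared, so a notification for a payment made to another account is not
// rejected here. Compare it with the merchant address before recording.

// check that payment_amount/payment_currency are correct
// Strict comparison: only the exact strings pass, so the values interpolated
// into the INSERT for status, amount and currency are known constants.
if ($isPaymentCompleted && $isUniqueTxnId && $payment_amount === "0.01" && $payment_currency === "USD") {
    // payment_status is now quoted like the other string values; unquoted it
    // produced VALUES(..., Completed, ...), which is not a valid SQL literal.
    // NOTE(review): $item_number and $item_name are assigned outside this
    // excerpt. If they come from the request they are interpolated unescaped
    // here -- validate them or bind them as parameters.
    $payment_id = $db->insertQuery("INSERT INTO payment(item_number, item_name, payment_status, payment_amount, payment_currency, txn_id) VALUES('{$item_number}', '{$item_name}', '{$payment_status}', '{$payment_amount}', '{$payment_currency}', '{$txn_id}')");
}

// process payment and mark item as paid.
if (DEBUG == true) {
    // NOTE(review): $req is built outside this excerpt; if it holds the raw
    // notification body, LOG_FILE will contain payer details and should not be
    // readable from the web root.
    error_log(date('[Y-m-d H:i e] ') . "Verified IPN: {$req} " . PHP_EOL, 3, LOG_FILE);
}
} else {
    if (strcmp($res, "INVALID") == 0) {
        // log for manual investigation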