PayPal is a great system for integrating simple shopping cart functionality on a website. Whether your website sells a large number of products or offers simple subscription or donation forms, PayPal allows your users to send you money securely, safely and quickly without you needing to setup a full merchant account with your online banking. With millions of eBay users already holding PayPal accounts, its the obvious choice for any online service requiring payment.

Recently, I was building a system which required the user to fill in their personal details in a form on a website before being sent to PayPal to arrange payment. There weren’t many solutions available online so, when I asked on Twitter for some help, Drew suggested just appending the required form variables to a URL querystring with a simple GET request in your header which would then be encoded on PayPal’s end to avoid (some) tampering.

You know what - it worked. Here’s the necessary code:

<?php
$data = 'cmd=_xclick';
$data .= '&no_note=1';
$data .= '&no_shipping=1';
$data .= '&currency_code=GBP';
$data .= '&amount=' . $total_cost;
$data .= '&item_name=' . urlencode('Your Product Name');
$data .= '&business=' . urlencode('your.email@yourwebsite.com');
$data .= '&return=' . urlencode('http://yourwebsite.com/confirmation.php');
$data .= '&cpp_header_image=' . urlencode('http://yourwebsite.com/images/logo_paypal.gif');

header("Location: https://www.paypal.com/cgi-bin/webscr/?" . $data);
?>

This is a very basic adaptation of what PayPal can do - I’ve completely overlooked the IPN confirmation side of things (which would be highly recommended to confirm the amount hadn’t been tampered with).