If you MUST use PayPal...PayPal Magic: PayPal Payment Buttons

Would you ever play Russian Roulette? Probably not. PayPal is almost like this deadly game: with each transaction that you make, it could be financial life for another day, or financial death now. PayPal, as a service, is arbitrary and unpredictable. However, if, for whatever reasons you might have, you want to continue using PayPal (or open another PayPal account), this section is for you.


PayPal Magic is a tutorial of tips and tricks that will help you decrease the chances of PayPal limiting or flagging your account. If you can avoid making some of the common "errors" that a lot of people make when using PayPal, you can learn to survive the PayPal trap another day!

Creating a Buy It Now Button

Accept payments on your web site with a simple button that sends the customer, along with all necessary payment information, to PayPal.

The most basic way to accept payments on your web site is to deploy a Buy Now button, which essentially consists of an HTML form.

In order to use the Buy Now system, you need to have a Business or Premier account at PayPal.

Use the Merchant Tools section of the PayPal web site to generate the necessary code to sell goods from your web site. Once you have the code for one item, you can modify that code for any of your other products by changing a few variable values.

The Code

To generate a simple block of button code, follow these steps:

  1. Go to http://www.paypal.com, log into your account, and click the Merchant Tools tab.

  2. Click the Buy Now link under the Website Payments section to open the PayPal Button Factory.

  3. Create a basic button by entering the item name and item number. Leave the Buyer Country as is, and enter 1 for the amount. Skip the rest of the settings, but make sure to change the Encrypt Button option to No.

  4. When you're done, click Create Button Now to generate the code.

The resulting code should look like this:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="hidden" name="cmd" value="_xclick">

<input type="hidden" name="business" value="sales@payloadz.com">

1. <input type="hidden" name="item_name" value="Widget">

2. <input type="hidden" name="item_number" value="Wid-001">

3. <input type="hidden" name="amount" value="1.00">

<input type="hidden" name="no_note" value="1">

<input type="hidden" name="currency_code" value="USD">

<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit">

</form>



Most of the variables will not change, regardless of the item you're selling. The variables on lines 1, 2, and 3 are the only ones you'll need to customize for each particular product.

Modifications to the variables are straightforward and can be done directly in the HTML. For instance, to specify a price, replace 1.00 with the price of your item, in dollars and cents (but no dollar sign). Likewise, set the item_name variable to the name of the product, and set the item_number variable to a unique product number or SKU code that makes sense for your store.

Hacking the Hack

In addition to the aforementioned variables, there are also other PayPal-supported options you can add to your purchase buttons. For example, the return and cancel_return variables define the addresses of web pages to which the user should be taken after the payment process has been completed or if the process is cancelled, respectively:

<input type="hidden" name="return" value="http://yoursite.com/thankyou.html">

<input type="hidden" name="cancel_return" value=


Simply insert additional variables anywhere in your button code, so long as they appear between the opening <form> and closing </form> tags. Other variables include:


The text label to appear above the note field (maximum of 40 characters).


Sets the background color of your payment pages to black (1); the default is white (0).


The three-digit code indicating the currency in which the payment is to be made.

custom and invoice

Both custom and invoice are pass-through variables, never shown to customers, to be returned to you when the payment process is complete.


The shipping surcharge, applied regardless of the number of items ordered.


The address (URL) of your company logo. The image can be up to 150x50 pixels. If this variable is omitted, the customer will see your business name if you have a Business account or your email address if you have a Premier account.


If this variable is set to 1, the customer will not be allowed to include a note. It's probably best to specify the no_note option (as in the example earlier in this section) if you'll be automating your operation and are unlikely to see any notes your customers would enter here.


More on this later on in this section!

on0, on1, os0, and os1

More information on these four settings later in the section!


Sets the Custom Payment Page style for payment pages. This variable should be the name of one of the styles listed on the Custom Payment Page Styles page. To add or edit custom payment pages, click the My Account tab, click Profile, and click the Custom Payment Pages link. This topic will be covered in greater detail in the next section (Storefronts & Shopping).


The URL of the page on your web site to which the customer will be sent when the transaction is complete.


Specifies the behavior of the return URL (see the return option). If this variable is set to 1, the buyer will be sent back to the return URL using a GET method, and no transaction variables will be submitted. If rm is set to 2, the buyer will be sent back to the return URL using a POST method, to which all available transaction variables will also be posted. If rm is omitted or set to 0, GET methods will be used for all Shopping Cart transactions in which IPN is not enabled and POST methods with variables will be used for the rest.

shipping, shipping2

The amount to charge the customer for shipping, per item. If you specify an amount for shipping2, the shipping amount will be charged only for the first item ordered and shipping2 amount will be charged for each additional item (all of which applies only if the customer orders a quantity of more than one).


If this variable is omitted, the sales tax specified in your account preferences will take effect. Otherwise, use tax to specify a flat tax (in dollars and cents, rather than a percentage) to apply to the order.

Using Custom Image Buttons

Customize the appearance of the Buy Now button with a few changes to the Button Factory code.

The PayPal Button Factory generates HTML code that you insert into your payment pages to facilitate sales. The code you initially get depends on the values you type into the form, but you can subsequently edit it manually before you install it onto your site. This simple hack walks you through the modification of your button code to use your own custom Buy Now button images.

Preparing the Image and Code

First, you'll need to prepare another button image for use in the form. It can be either a GIF or JPG image file, but it must be located somewhere on your web site or elsewhere on the Internet so that you can reference its location in your code. See the next section for button design tips.

Start by generating the code for an ordinary Buy Now button. Copy the HTML code and paste it into your favorite HTML editor, such as Dreamweaver, FrontPage, or any plain-text editor (e.g., Notepad). Find the piece of code that references the image:

<input type="image" src="https://www.paypal.com/images/x-click-but23.gif"

border="0" name="submit" alt="Make payments with PayPal - it's

fast, free and secure!">

The src parameter contains the location (URL) of the image to be used:


Simply change this source to the address (URL) of your button image:


Or, if the image is located on the same site as your button code, it could be as simple as this:


So, the final code should look like this:

<input type="image" src="http://www.anothersite.com/ournewimage.gif"

border="0" name="submit" alt="Make payments with PayPal - it's

fast, free and secure!">

Basic Button Design

The PayPal Button Factory provides some options for button appearance, though most of the supplied images are branded with the PayPal look and might not integrate cleanly with your web site's design. The previous section shows how to use any image you like, provided that you have one at the ready. With a simple web search, you can find images of buttons at web sites that specialize in shopping cart buttons. But for even more seamless integration, you can create your own image in an image-editing program, such as Photoshop or Paint Shop Pro.

The ideal sizes for your buttons, based on the sizes PayPal uses for their buttons, are 68x23 pixels for Buy Now buttons and 87x23 pixels for Shopping Cart buttons. You do not have to use these exact sizes for your own buttons, but do use them as guidelines when choosing appropriate sizes for your buttons.

You can also add interaction to your buttons by providing different variations of your images so that they look lit up or pushed in when your customers click them or move over them with their mice. This visual feedback and interactivity makes your buttons look and act more clickable, and it is a good way to get more customers to click them. To give your image a slightly different appearance on mouseover or when clicked, you need to have two button images: one to act as the normal, unactivated state and another to replace the original image when activated (like a rollover effect or onmouseover command).

Simply include this JavaScript code to swap one image for another upon mouseover:

<input type="image" name="submit" src="yourbutton_up.gif" onmouseover=

"this.src='yourbutton_over.gif'" onmouseout="this.src='yourbutton_up.gif'">


The two images for normal and activated states are yourbutton_up.gif and yourbutton_over.gif, respectively, in the preceding code. To have the button change when it is clicked (as opposed to responding to a mouseover), use this code instead:

<input type="image" name="submit" src="yourbutton_up.gif" onMouseDown="this.src='yourbutton_over.gif'">


This just scratches the surface of what you can do. The more you do to polish the appearance and behavior of your buttons, the more customized (and hopefully professional) your site will appear to your customers.

Creating Purchase Buttons for Services

Streamline your purchase buttons for selling intangible goods and services by removing unnecessary fields. By removing certain shipping requirements, you can accept payments from all buyers, regardless of whether they can provide confirmed addresses.

PayPal allows you to accept payment for almost any kind of tangible product or intangible service. When you're selling services, much of the information PayPal gathers is superfluous. You might not always need the customer's address, for instance, and you most likely will not need to charge any shipping or handling fees. By eliminating these options in your purchase buttons, you can simplify the checkout process for your customers, thus making it easier to sell your services.

Here's the code for a service button, the one that we covered earlier in this section:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="hidden" name="cmd" value="_xclick">

<input type="hidden" name="business" value="sales@payloadz.com">

<input type="hidden" name="item_name" value="Service">

<input type="hidden" name="item_number" value="Serv-001">

<input type="hidden" name="amount" value="1.00">

1. <input type="hidden" name="shipping" value="0.00">

2. <input type="hidden" name="handling" value="0.00">

3. <input type="hidden" name="no_shipping" value="1">

4. <input type="hidden" name="no_note" value="1">

<input type="hidden" name="currency_code" value="USD">

<input type="image" src=


border="0" name="submit">


The difference between this code and an ordinary Buy Now button is the addition of two variables, shipping and handling (lines 1 and 2, respectively), both of which are set to 0.00. This trumps any shipping charges you might have in your PayPal profile. Also, the no_shipping variable (line 3) instructs PayPal not to ask for a shipping address, and the no_note variable (line 4) turns off the note field during checkout. All of this makes a simple and streamlined checkout process.

Creating Auction Payment Buttons

Create payment buttons for auctions, such that the completed transaction updates the payment status on the auction web site automatically.

Merchants that sell using auction sites such as eBay often have to collect payment for their goods after the auction has ended. Sometimes, it can be confusing to the winning bidder how to complete payment, and you'll want to make it as easy as possible for your customers to send you money. Using some simple HTML, you can construct a payment button much like the payment buttons generated by PayPal for Shopping Cart and Web Accept purchases. You then present this button to the winning bidder in an email or on your web site to supplement the payment buttons already on the auction site.

The Easy Road to Getting This Done

Since PayPal is an eBay company, it shouldn't be surprising that PayPal is well integrated with the eBay web site. For instance, if you indicate that you accept PayPal payments when constructing an eBay listing, a PayPal button will automatically appear for the winning bidder when the listing ends. Here's how to build the link between your eBay account and your PayPal account:

  1. Go to the eBay web site and log into your eBay account.

  2. Go to My eBay and click the eBay Preferences link under the My Account heading.

  3. Click the Change link next to the Payment Preferences heading, and turn on all the PayPal-related settings here.

  4. When you sell your next item, check the PayPal option in the "Seller-accepted payment methods" section and enter the email address of the PayPal account to which you'd like auction payments to be sent.

That's it! When your auction ends, a PayPal payment button will automatically appear at the top of the auction page, but for the winning bidder only.

Furthermore, you can configure PayPal to automatically insert a Pay Now button into each of your running auctions:

  1. Log into your PayPal account.

  2. Click the Profile tab and then click Auctions.

  3. If your eBay account isn't listed here, click Add, and then enter your eBay user ID and password.

  4. Otherwise, simply turn on the features you'd like to employ. The changes will take effect immediately.

The PayPal Auction options include the following:

Automatic Logo Insertion

PayPal automatically inserts a PayPal logo into the description of each of your running auctions (using eBay's Add to Description feature). This not only advertises the fact that you accept PayPal, it also gives your winning bidder a shortcut to the payment process.

Winning Buyer Notification

This instructs PayPal to automatically send an email to all your winning bidders, complete with payment instructions and a Pay Now button. This email is sent independently of eBay's "Congratulations! You are the buyer for..." email.

PayPal Preferred on eBay

This inserts the PayPal logo into the "Payment methods accepted" section of your auction page, as shown in Figure 4-3. The PayPal logo appears in addition to the logo that might already be there and suggests to your customers that you not only accept PayPal, but you whole-heartedly prefer it as a means of payment.

Making Your Own Button From Scratch

Although eBay provides payment buttons for high bidders, you might want to supplement these buttons with your own. Plus, you might want to add eBay-like functionality to other auction sites, such as Yahoo!, uBid, Amazon.com, MSN, and Bidville auctions.

This code displays a simple Pay Now button that sends your customers to the PayPal web site and guides them through the payment process. The system automatically tracks the payment for this particular auction, so your customer will not have to enter any additional auction-related information. Plus, the auction site, provided that it's linked up with PayPal, will be notified automatically so that it can update the payment status of the auction for you and your bidder.

The goal of providing an extra payment button like this one is to reduce the chances that your customer (bidder) will use PayPal's Send Money function to pay for an auction; in that case, you would receive a payment not linked to its corresponding auction.

Among other difficulties, PayPal's Send Money tab makes it possible for your customer to "forget" to include the shipping charge or sales tax. You might then have to process the order manually (or simply refund the payment), and the auction site might not reflect that the customer has paid. To automatically reject all payments sent this way, configure your PayPal account to "Block Payments from users who initiate payments from the Pay Anyone subtab of the Send Money tab," as we have already covered in Section 3 of PayPal Magic.

Here is the HTML code for an auction payment button, linked to a particular auction:

<form method="get" action="https://www.paypal.com/cgi-bin/webscr">

<input type="hidden" name="cmd" value="_cart">

<input type="hidden" name="business" value="youremail@screw-paypal.com">

<input type="hidden" name="item_name_1" value="Widget">

<input type="hidden" name="amount_1" value="1.00">

<input type="hidden" name="quantity_1" value="1">

<input type="hidden" name="site_1" value="eBay">

<input type="hidden" name="ai_1" value="2540252652">

<input type="hidden" name="ab_1" value="your_ebay_id">

<input type="submit" name="upload" value="Pay Now">

</form>


This code is similar to the code we will be using in the next section, with the exception of a few new variables: site_n, ai_n, and ab_n, where n is a number representing the item in multiple item payments, starting with 1 (for example, include ab_1, ab_2, and ab_3 if you're requesting payment for three different auctions).

The site_n variable defines the site on which the auction was listed, and it should be set to eBay for eBay auctions or Yahoo for Yahoo! Auctions. This value is case sensitive, so for other auction sites, you'd type uBid, Amazon, MSN, or Bidville. The second variable, ai_n, should be set to the auction (or listing) number at the auction site. Finally, ab_n is your user ID at the auction site (your_ebay_id in this example). Naturally, you'll need to replace all italicized text in the code with the details of your transaction.

The other variables, such as item_name_n and amount_n, can be modified as described earlier in this section.

More Code Modifications

This modification demonstrates how you can create buttons that facilitate auction-specific payments. Naturally, creating a button for each auction manually would be a time-consuming process, but you can use the eBay API to automate this process. Start by sending a query to obtain the information for each of your completed auctions using a GetTransactionDetails call, and then assemble your buttons and email them to the high bidders. The technical procedures involved with implementing this type of system go beyond the scope of this basic informational tutorial, but extensive information can be found all over the internet or in many popular books on code.

If you use an off-site listing tool or a third-party listing service to build your auctions, you might be able to tie your application into the application's local database. However, you will also need a means of obtaining completed-item details (such as the final price and high-bidder contact information). For an example that shows how to build payment buttons dynamically, continue on to Section 5.

Provide Purchase Options with Drop-Down Listboxes

Change a few lines of the PayPal Button Factory code to restrict purchase options to a distinct list of choices.

By default, the item_name variable created by the PayPal Button Factory is a hidden field containing a single string of text, which means that a single payment button corresponds to a single product. So, if you sell three products, you'll need three payment buttons, right?

Not so, thanks to drop-down listboxes.

Since many of the products you're selling probably come in a combination of styles or sizes, you can merge those variations into a single purchase button. For instance, if you're selling clothing, a Size option might contain three choices: Small, Medium, and Large. Fortunately, PayPal doesn't distinguish between text strings sent from text boxes and list elements selected from drop-down listboxes, so you can easily replace any <input> field with a <select> drop-down list. For instance, take:

<input type="hidden" name="item_name" value="T-Shirt">

and replace it with:

<select name="item_name" id="item_name">

<option>T-Shirt</option>

</select>



The problem here is that we still provide the customer with only one option. To add more options, simply insert additional <option> tags, one for each variation, like this:

<select name="item_name" id="item_name">

<option>T-Shirt, Small</option>

<option>T-Shirt, Medium</option>

<option>T-Shirt, Large</option>

</select>


With this simple change, your customers choose a size, click the Buy Now button, and pay for your item. PayPal then sends the customer's selection back to you in the "You've got cash" email.

If you need to provide your customers with more than one option, you can include up to two additional option fields and convert both of them to drop-down lists with this same procedure. Thus, you can have up to three different options with a single payment button.

Override Shipping and Handling Preferences

Modify purchase buttons to override your Profile settings, allowing you to set shipping and handling fees to zero for digital goods.

Certain goods, such as software or other downloadable products, should not incur any shipping charges. By default, PayPal calculates the applicable shipping fees and applies them to every order. To configure your shipping calculation preferences, log into PayPal, click Profile, and then click Shipping Calculations.

The problem is that PayPal applies your shipping preferences to all purchases placed through your PayPal buttons. If you sell both tangible and digital products, you might need to charge different shipping amounts for different products.

To override your shipping and handling preferences, turn on the "Allow transaction-based shipping values to override the profile shipping settings" option in your Shipping Calculations profile page. Then, add two additional variables to applicable buttons and set each of them to zero (or any values you wish) for digital goods purchases, like this:

<input type="hidden" name="shipping" value="0.00">

<input type="hidden" name="handling" value="0.00">

If you were to omit these two new variables, the shipping fees applied to that product would default to the values in your PayPal profile. You can add these two new form variables anywhere in your button code, as long as they appear between the opening <form> and closing </form> tags.

When you override your Profile's Shipping Preferences for a single item in your PayPal Shopping Cart, the override applies only to that item. All other items are charged shipping according to your Profile's Shipping Preferences.

Build Notification Tracking

Track how your PayPal applications are used by including the Build Notification (BN) tag with all your payment buttons and resulting transactions.

PayPal originally introduced the Build Notification (BN) tag as a way to track developers' projects, allowing them to, for example, include version numbers to gauge application performance. The BN tag is a field for your payment buttons into which you place an identifier string you choose.

An unexpected benefit of the BN tag is that, by demonstrating that your site or application generates a significant amount of transactions, you can receive the benefits of a high-volume merchant. While there is no official disclosure of any specific application rewards, developers can often expect to receive specialized technical support if they ever have problems that affect their applications or sites. High-volume merchants are also invited to participate in testing new features of the PayPal system and receive advance notice of upcoming releases of new product features.

To use the BN system, PayPal suggests assigning a unique, readable value to the BN tag, including the version (and build) number of your application as well as your company name. The suggested format of the BN value is company.product.version, like this:

<input type="hidden" name="bn" value="GeekSoft.Cart.1.0">

Insert the bn variable into your PayPal form buttons just as you would any other values:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="hidden" name="bn" value="GeekSoft.Cart.1.0">

<input type="hidden" name="cmd" value="_xclick">

<input type="hidden" name="business" value="bn@screw-paypal.com">

<input type="hidden" name="item_name" value="Widget">

<input type="hidden" name="amount" value="1">

<input type="image" src="http://images.paypal.com/images/x-click-butcc.gif"

border="0" name="submit">

</form>


Once you deploy the BN tag in your form buttons, make sure you register your application with PayPal so that they can begin tracking your usage. Send an email to developer@paypal.com with the BN ID text you use in each of your solutions, along with the name of your company, the title of your application or web site, and your contact information. For further information, see http://www.paypal.com/pdn-submit.

Even More Modifications

The BN tag only allows PayPal to track your sales internally; you won't have access to any usage statistics connected with your use of the BN tag on your web site.

However, you can track your sales by including the custom variable in your purchase buttons. Set the value of the custom variable to some unique identifier for the application or web site in which the button appears:

<input type="hidden" name="custom" value="GeekSoft.Cart.1.3">

Every time a payment is made with this button, PayPal records the custom value in your transaction history. Next, use the Download My History feature to generate a tab- or comma-delimited text file. Finally, import the file into your spreadsheet or database and use the tools at your disposal to plot sales trends, run reports, or perform statistical analysis.

You can also export your PayPal history into files that Quicken and Quickbooks can understand, allowing you to integrate PayPal sales with your accounting software.

Hacker-Proof Your Payment

Prevent code-tampering and price-spoofing with a hidden form post.

When deploying PayPal buttons on your web site, you should consider the risk of spoofed payments. PayPal buttons are normally created in plain HTML, with the variables and their values available for anyone to see (select View Source in your browser to see for yourself). This means that anyone can view your button source code, copy the HTML to her own system, make changes to the variables (such as the price), and make a payment with the modified button. You can manually review purchases to make sure no tampering has taken place, but in high-volume or automated systems, this might be a difficult or even impossible task.

PayPal offers a button encryption system that allows you to encrypt your purchase buttons, provided that you're not using buttons modified with custom variables. Button encryption is also not supported with Shopping Cart buttons.

The Code That You Need

This anti-fraud code consists of two pages: link.asp and jump.asp. First, link.asp contains the product and selling information, as well as a link to the second page:

<html> <body> Widget<br> <a href="jump.asp?id=123">Click here to buy</a> </body> </html>

This first page mimics the Buy Now button, but instead of sending the customer to PayPal, it links to the jump page. Next, jump.asp queries your database for the product info and sends the purchase information to PayPal. This code is written in ASP:


'Connect to database and create recordset

1. connStore = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ="C:/InetPub/wwwroot/database/


set rsJump= Server.CreateObject("ADODB.Recordset")

rsJump.ActiveConnection = connStore

'CLng accepts only a whole number, so the id taken from the URL cannot inject SQL into the query

2. rsJump.Source = "SELECT * FROM tblProducts WHERE Id = " & CLng(Request("id"))

3. rsJump.Open( )



4. <body onLoad="document.fmPost.submit( )">

<form action="https://www.paypal.com/cgi-bin/webscr" method="post" name="fmPost">

<input type="hidden" name="cmd" value="_xclick">

<input type="hidden" name="business" value="youremail@yourisp.com">

<input type="hidden" name="item_name" value=


<input type="hidden" name="item_number" value=


<input type="hidden" name="amount" value=






rsJump.Close( )


The jump page queries the database (line 2) for the requested product information (based on the URL embedded in the link page) and then dynamically builds a PayPal form from this information. Finally, the page uses an onLoad function (line 4) to automatically submit the form as soon as the page loads, without the customer ever seeing the page.

Depending on your platform, you might need to change the code that connects to your database (lines 1 to 3) and creates the rsJump recordset from the query results. See "Database Coding and Platform Choices" in the Preface for more information.
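
The jump page keeps prices out of the link page, but the form it builds is still delivered to and submitted by the customer's browser, so each completed payment should still be compared with the catalog on the server. The following is an added example (not part of the original tutorial) that automates the manual review mentioned above; the IPN-style field names, the catalog contents, the sales@example.com address and the function name check_payment are assumptions. It also assumes shipping, handling and tax are zero, so the gross amount equals price times quantity, and that the posted data has already been confirmed as coming from PayPal.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed catalog (item_number -> unit price, currency); in practice this
# is the same product table the jump page reads.
CATALOG = {
    "Wid-001": (Decimal("1.00"), "USD"),
    "jc-bh": (Decimal("9.99"), "USD"),
}
MERCHANT_EMAIL = "sales@example.com"  # placeholder for your PayPal address


def check_payment(form_body, catalog, merchant_email, seen_txn_ids):
    """Return a list of problems found in one posted-back transaction.

    form_body is the urlencoded variable set posted to your server after a
    payment. Field names (txn_id, payment_status, receiver_email, mc_gross,
    mc_currency, quantity) are assumed from PayPal's IPN variable naming.
    An empty list means the payment matches the catalog.
    """
    parsed = parse_qs(form_body, keep_blank_values=True)
    fields = {name: values[0] for name, values in parsed.items()}
    problems = []

    if fields.get("payment_status") != "Completed":
        problems.append("payment not completed")

    # A modified button can name a different business address.
    if fields.get("receiver_email", "").lower() != merchant_email.lower():
        problems.append("paid to a different account")

    # The same notification must not unlock the goods twice.
    txn_id = fields.get("txn_id", "")
    if not txn_id:
        problems.append("missing transaction id")
    elif txn_id in seen_txn_ids:
        problems.append("duplicate transaction id")

    item = catalog.get(fields.get("item_number", ""))
    if item is None:
        problems.append("unknown item_number")
        return problems
    unit_price, currency = item

    if fields.get("mc_currency") != currency:
        problems.append("currency mismatch")

    # Decimal avoids float rounding when comparing money amounts.
    try:
        quantity = int(fields.get("quantity", "1"))
        paid = Decimal(fields.get("mc_gross", ""))
        if not paid.is_finite():
            raise InvalidOperation
    except (ValueError, InvalidOperation):
        problems.append("unparseable amount or quantity")
        return problems

    expected = unit_price * quantity
    if quantity < 1:
        problems.append("invalid quantity")
    elif paid != expected:
        problems.append(f"amount mismatch: paid {paid}, expected {expected}")

    if not problems:
        seen_txn_ids.add(txn_id)  # remember only payments that were accepted
    return problems


# Constructed sample notifications (not captured from PayPal).
_BASE = "payment_status=Completed&item_number=jc-bh&quantity=1&mc_currency=USD"
GOOD = _BASE + "&txn_id=TXN-A1&receiver_email=sales%40example.com&mc_gross=9.99"
UNDERPAID = _BASE + "&txn_id=TXN-B2&receiver_email=sales%40example.com&mc_gross=0.01"
REDIRECTED = _BASE + "&txn_id=TXN-C3&receiver_email=other%40example.net&mc_gross=9.99"

if __name__ == "__main__":
    seen = set()
    for label, body in [("good", GOOD), ("replayed", GOOD),
                        ("underpaid", UNDERPAID), ("redirected", REDIRECTED)]:
        result = check_payment(body, CATALOG, MERCHANT_EMAIL, seen)
        print(f"{label:10s} -> {result or 'OK'}")
```

Release the goods or mark the order paid only when the returned list is empty; anything else goes to manual review.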

Modifications: Plan B

You don't necessarily have to use the database method described here. Instead, you can simply create a static jump page for each product, complete with all of the product information (name, price, etc.) embedded right in the code. Although this approach wouldn't make any sense for an online store that sells hundreds or thousands of items, it would ultimately be easier to implement than a full database if you sell only one or two products on your site.


Plan B: Obfuscate Your Button Code

If all this seems like too much trouble to guard against a remote possibility, there is an easier way to keep casual observers from seeing exactly what your button code contains and spoofing your button.

  1. Create a Buy Now, Add to Cart, Subscription, or Donation button using PayPal's Merchant Tools.

  2. Go to http://www.dynamicdrive.com/dynamicindex9/encrypter.htm. Copy and paste your button code into the text area window.

  3. Click Encrypt. The HTML will be replaced with encoded text that is much harder for mere mortals to read, but the encoded text will easily be parsed and displayed by your customers' browsers.

  4. Copy and paste this scrambled code into your web page.

This quick and easy obfuscator makes it harder for casual viewers to see how your button is coded and thus helps protect it from tampering. Additionally, it foils most web spiders looking for fresh email addresses to spam.

This trick is no substitute for real encryption. The material is all there, just in a form that is hard for a person to read. Anyone with some time, patience, and an understanding of common encoding methods will crack the obfuscation in no time. Also, even if the HTML is not obvious, all the information critical to the consumers' buying decision will be echoed by PayPal once your customer clicks the button.

To illustrate, here's an ordinary payment button:

<h1>Plain button</h1>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="hidden" name="cmd" value="_xclick">

<input type="hidden" name="business" value="sales@wwjcd.biz">

<input type="hidden" name="item_name" value="Jackie Chan bobble head">

<input type="hidden" name="item_number" value="jc-bh">

<input type="hidden" name="amount" value="9.99">

<input type="hidden" name="currency_code" value="USD">

<input type="image" src=


border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">

</form>


And here's the obfuscated version of the same code:

<h1>Button obfuscated</h1>





etc.... You get the idea!

Hacker-Proof Your Buttons with Encryption

Add yet another layer of security to a Buy Now Button by encrypting its contents with OpenSSL and C/C++.

Now that you've created a complete Buy Now button, how can you prevent potential hackers from seeing (and possibly changing) the information you're passing to PayPal? PayPal's button encryption enables you to hide the exact contents of your HTML form in a PKCS7-encrypted blob.

While it is not necessary to integrate button encryption into every web site, it does allow you to provide another layer of security without affecting your customers' buying experience.

OpenSSL and Keys

Button encryption is done using a cryptography library, such as OpenSSL, and a pair of cryptographic keys. OpenSSL is nice, because it allows you to both sign and envelope the message in one action. The first thing to do is install OpenSSL, which is available for download at http://www.openssl.org.

Note that some knowledge of compiling programs is required for the installation of OpenSSL on Unix. Instructions for compiling and installation on various platforms can be found in the OpenSSL download. A precompiled Windows version is available at http://www.slproweb.com/products/Win32OpenSSL.html. Simply follow the installation instructions for your particular environment.

Cryptographic keys must be exchanged in order for button encryption to work. You'll need to contact PayPal to obtain PayPal's public key, and you must provide your public key to PayPal. You should generate your keys in PEM format; consult the OpenSSL documentation (http://www.openssl.org/docs/HOWTO/keys.txt) for details.

Basic Button Encryption Using OpenSSL

Start with an unencrypted HTML form tag in your HTML page:

<form method="post" action="https://www.paypal.com/cgi-bin/webscr">

<input type="hidden" name="cmd" value="_xclick">

<input type="hidden" name="business" value="sales@company.com">

<input type="hidden" name="amount" value="1.00">

<input type="hidden" name="currency_code" value="USD">

<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif"

name="submit" alt="Make payments with PayPal - it's fast, free and secure!">

</form>


The first thing you need to do is convert all the hidden field name/value pairs from this form into a single string, like this:





Keep in mind that the line feeds required are Unix line feeds (\n), not Windows line feeds (\r\n). Ensure that your program is creating the string correctly or you will get decryption errors when posting your encrypted form.

Next, load the PayPal public key from the paypal_cert.pem file:

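#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/pem.h>

/* Load PayPal's public certificate from a PEM file such as
   /opt/keys/paypal_cert.pem. Returns NULL on failure.
   (The function wrapper and its name are added here so the fragment compiles.) */
X509 *load_paypal_cert(const char *payPalCertPath)
{
    BIO *bio;
    X509 *gPPx509;

    if ((bio = BIO_new_file(payPalCertPath, "rt")) == NULL) {
        printf("Fatal Error: Failed to open (%s)\n", payPalCertPath);
        return NULL;
    }
    if ((gPPx509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) {
        printf("Fatal Error: Failed to read Paypal certificate from (%s)\n", payPalCertPath);
    }
    BIO_free(bio);   /* the parsed certificate no longer needs the file BIO */
    return gPPx509;
}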

Then, load your public and private keys.

The last step to enable button encryption is to change the value of the cmd form field to _s-xclick and add the PKCS7 blob as the value of a form field named encrypted.

When you're done, you'll end up with code that is 100% safe from hackers.
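The string-building step of the procedure above, as an added example (not code from the original page or from PayPal): it writes the hidden fields of the sample form as one name=value pair per line with Unix line feeds, and rejects any name or value that contains a CR or LF, since a stray line break would corrupt the data or add an extra field line to what gets signed. The one-pair-per-line layout, the struct and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* One hidden form field (type name is an assumption for this example). */
struct field { const char *name; const char *value; };

/* A CR or LF inside a name or value would start a new line in the payload. */
static int line_safe(const char *s)
{
    return s != NULL && strpbrk(s, "\r\n") == NULL;
}

/* Write the fields as "name=value\n" lines, Unix line feeds only.
 * Returns the payload length, or -1 on unsafe input or a too-small buffer. */
long build_button_plaintext(const struct field *f, size_t n,
                            char *out, size_t outlen)
{
    size_t used = 0;

    if (outlen == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (!line_safe(f[i].name) || !line_safe(f[i].value))
            return -1;
        if (f[i].name[0] == '\0' || strchr(f[i].name, '=') != NULL)
            return -1;                      /* name must be non-empty, no '=' */
        size_t nl = strlen(f[i].name), vl = strlen(f[i].value);
        if (nl + vl + 2 >= outlen - used)   /* '=' + '\n', keep room for NUL */
            return -1;
        memcpy(out + used, f[i].name, nl);
        used += nl;
        out[used++] = '=';
        memcpy(out + used, f[i].value, vl);
        used += vl;
        out[used++] = '\n';
    }
    out[used] = '\0';
    return (long)used;
}

int main(void)
{
    /* Constructed sample: the hidden fields of the form shown above. */
    const struct field button[] = {
        { "cmd", "_xclick" }, { "business", "sales@company.com" },
        { "amount", "1.00" }, { "currency_code", "USD" },
    };
    char payload[256];

    if (build_button_plaintext(button, 4, payload, sizeof payload) < 0)
        return 1;
    fputs(payload, stdout);   /* the text that is then signed and encrypted */
    return 0;
}
```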

Include Payment Buttons in Email Messages

Use the PayPal Payment Request Wizard to send Pay Now buttons from Microsoft Outlook.

Sending invoices via email with PayPal's Request Money feature is a quick and effective way to ask someone to pay you. The Pay Now buttons PayPal includes in the resulting email make it easy for your customers to pay you; after two clicks and a login, customers with PayPal accounts can send you money in less than a minute.

But the Request Money feature has its limitations. While the email appears to come from you, it's actually sent from PayPal, which means that you won't be able to customize it fully. If you need to include pictures, files, hyperlinks, custom HTML, or multiple purchase buttons, you'll have to send the email yourself.

Creating PayPal Payment Hyperlinks

Adding a PayPal payment hyperlink to your own email involves nothing more than typing a simple URL. The required parameters to create a basic hyperlink are email address, payment amount, and item name.

However, there are many optional parameters you can include in the hyperlink to help you provide a more complete payment record, such as the currency, item number, quantity, shipping, and request for shipping address. For example:




As you can see, the hyperlink begins to become unwieldy. Hyperlinks this long or longer cause problems because email programs chop them up into smaller pieces when they wrap the text. More than likely, only the first piece will be hyperlinked and a customer will not think twice about clicking it and attempting to complete the transaction with incomplete information.

The simplest solution is to run the address through TinyURL (http://tinyurl.com), which will convert it to something that looks like this:


The resulting link is always short enough to be spared the aforementioned word wrap. Unfortunately, the https://www.paypal.com/ prefix will be lost, and your more diligent customers might avoid it.
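One way to build the payment hyperlink described above while keeping the https://www.paypal.com/ prefix, as an added example (not from the original page or from PayPal): every value is percent-encoded so the link contains no spaces for a mail program to break on, and the builder refuses anything longer than the 1024 bytes this page gives as the hyperlink limit. The query-string form of the webscr address, the struct and the function names are assumptions; parameter names are written as given and only values are encoded.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_LINK 1024   /* hyperlink limit cited on this page */
struct param { const char *name; const char *value; };  /* assumed names */

/* Percent-encode src into dst (no NUL); -1 if it needs more than room bytes. */
static long pct_encode(const char *src, char *dst, size_t room)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t w = 0;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        int plain = isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~';
        if (w + (plain ? 1 : 3) > room) return -1;
        if (plain) { dst[w++] = (char)c; continue; }
        dst[w++] = '%'; dst[w++] = hex[c >> 4]; dst[w++] = hex[c & 15];
    }
    return (long)w;
}

/* Returns the link length, or -1 if it exceeds MAX_LINK or the buffer. */
long build_payment_link(const struct param *p, size_t n, char *out, size_t outlen)
{
    const char *base = "https://www.paypal.com/cgi-bin/webscr";
    size_t cap = outlen < MAX_LINK + 1 ? outlen : MAX_LINK + 1;
    size_t used = strlen(base);
    if (used + 1 > cap) return -1;
    memcpy(out, base, used);
    for (size_t i = 0; i < n; i++) {
        size_t nl = strlen(p[i].name);
        if (used + nl + 3 > cap) return -1;   /* separator, '=' and NUL */
        out[used++] = (i == 0) ? '?' : '&';
        memcpy(out + used, p[i].name, nl); used += nl;
        out[used++] = '=';
        long w = pct_encode(p[i].value, out + used, cap - used - 1);
        if (w < 0) return -1;
        used += (size_t)w;
    }
    out[used] = '\0';
    return (long)used;
}

int main(void)
{
    const struct param p[] = {   /* constructed sample values */
        { "cmd", "_xclick" }, { "business", "sales@company.com" },
        { "item_name", "Jackie Chan bobble head" }, { "amount", "9.99" } };
    char link[MAX_LINK + 1];
    if (build_payment_link(p, 4, link, sizeof link) < 0) return 1;
    puts(link);
    return 0;
}
```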

The PayPal Payment Wizard

Want something more professional-looking than a bare URL in your emails? Nearly all modern email programs support HTML (much to the bane of the minimalists among us), which means that you can replace ordinary URLs with hyperlinked, graphical buttons right in your email messages.

Simply use your email software's formatting tools to insert an image and then link it to a payment URL you construct. In fact, URLs in hyperlinks can be as long as 1024 bytes (characters), which is plenty for PayPal's payment URLs. Of course, there's a cost: these payment buttons can be time-consuming to create...until now.

Enter the PayPal Payment Wizard, a free add-in toolbar for Microsoft Outlook and Microsoft Outlook Express that allows you to painlessly insert payment buttons into your emails.

You can create five different types of PayPal payment buttons, each with six different button designs:

Payment Button (Basic)

This type of button is easiest to use, because it requires only your email address and payment amount, but it offers the fewest options.

Product Button

This type allows you to enter product details and request a shipping address.

Service Button

This type allows you to enter a service description.

Auction Payment Button

Use this to request payment for an auction item.

Donate Button

Use this to allow the donor to specify the donation amount.

To use the Payment Wizard toolbar, start by downloading it from http://www.paypal.com/outlook and installing it on your computer. You might be asked to close Microsoft Outlook if it's open.

The PayPal Payment Wizard currently supports only Microsoft Outlook and Outlook Express on Windows. If you're using Eudora or some other email software, or if you are using a Mac or Linux, you'll have to create payment buttons manually.

To insert a button with the Payment Wizard, follow these steps:

Open Outlook or Outlook Express.

Click the Payment Request Wizard icon on the toolbar.

When you see the first page of the wizard, click Next.

On the Payment Button Type screen, choose one of the five aforementioned payment button types. For this example, select the second option, Product Button, and click Next.

The Product Button requires only the email address to which payment should be sent, and the payment amount.

There are several optional fields. You can specify the subject of the payment email you'll receive if the recipient pays. The First Name and Last Name fields are not currently used, so you can leave them blank. You can leave the Buyer's Email, Subject, First Name, and Last Name empty, because they are not required.

If your product requires shipping, turn on the Solicit Shipping Address option. PayPal will ask the buyer to specify a shipping address.

In the Product Details area, enter the name of the product and its ID number, if you have it.

In the Sale Details area, enter the price of the product. If you are selling multiple identical products, change the quantity to reflect the quantity you are going to sell. If you are selling two toy trucks for the same price of $15 each, enter $15 and change the quantity to 2. You will see the Total Payment update to $30.

The Payment Wizard does not support multiple products. If you are collecting payment for more than one product, you will have to summarize the products in the Name field and enter a quantity of 1. See the next section of this hack for another solution.

In the S&H field, enter the amount to charge for shipping and handling. If you change this field, you will see the Total Payment update to reflect the new amount.

Select the currency, confirm that the Total Payment is correct, and click Next when you're done.

On the Button screen, select the button you would like to put into your email. The wizard provides six payment button images, all hosted on the PayPal web site (they might not appear if you or your recipient are not connected to the Internet).

If you would like to use another image for your button, select the URL option and enter the URL of your image file (presumably hosted on your own site). The button must be on a web server that can be accessed by anyone via the Internet. You can also choose the Text option to put the PayPal payment URL behind a text link instead of an image.

Click Next to view the You're Almost Done screen, where you'll see a summary of the values selected for your Payment Button. Verify that the information is correct and press the Test button to see the button in action.

If you are planning on sending many similar buttons, check the Save settings box. The wizard will save your settings for the next time.

Click Insert, and the fully configured button will be inserted into a blank email. (You won't be able to click on the button, because you're in edit mode.)

At this point, complete the email. Type one or more email addresses into the To field, enter a subject, and include a note or instructions to accompany the button.

Click Send when you're finished.


When your customer opens the email, he will be able to click the button and pay you after logging into his PayPal account. To test this experience firsthand, send the email to your own email address.

Including More than One Button in an Email

Since the PayPal Payment Wizard creates a new email message with each button, there is no way to use it to insert more than one button into a single email message. However, overcoming this limitation is easy enough:

  1. Insert a payment button with the Payment Wizard, as described in the previous section.

  2. Using your mouse, select the area around the new button, making sure to include the lines above and below the new button.

If you select only the button and not the lines above and below, you'll get only the image without the hyperlink.

  3. Copy the selection to the clipboard by pressing Ctrl-C or by selecting Copy from Outlook's Edit menu.

  4. Click to place the insertion point (text cursor) where you'd like the new button to appear, and paste the button into the existing email by pressing Ctrl-V or by selecting Paste from Outlook's Edit menu. You can paste the button into any email, including one that already contains a payment button.

  5. Repeat the process for each additional payment button you would like to insert. To verify that the image and corresponding hyperlink have been pasted correctly, as well as to make any changes to the URL, right-click the button and select Properties.

Hide Your Email Address from Spammers

Use your PayPal referral ID to prevent your email address from being harvested by spammers.

Spam (unsolicited bulk email) is a growing problem for Internet users, especially for those who have web sites that can be spidered by spambots looking for email addresses. The HTML generated by the PayPal Button Factory contains the email address listed in your PayPal account, making it available to address harvesters. Prevent this potential misuse by replacing your email address with your referral ID (also known as the affiliate ID).

This technique does not work with the HTML code generated for the PayPal Shopping Cart. It also doesn't support encrypted buttons, although buttons protected by encryption are already well-protected from spammers.

To implement this fix, you need to obtain your referral ID from the PayPal web site and then edit your HTML button code, substituting the referral ID for your email address.

To obtain your referral ID from PayPal, click the Referrals link at the bottom of any PayPal page. You will see a text box with a URL in it, which will look something like https://www.paypal.com/mrb/pal=ABC1DEF2GHIJK. Your referral ID is the part of the URL after pal=; in this case, the referral ID is ABC1DEF2GHIJK.

To put the referral ID in place of your email address, open the web page that contains the button in a text or HTML editor and find all sections of code that look like this:

<input type="hidden" name="business" value="youremail@yourisp.com">

Replace your email address with your referral ID, like this:

<input type="hidden" name="business" value="ABC1DEF2GHIJK">

You will need to do this for each button on your site. Your buttons will operate normally, and your customers won't know the difference.

Accept Donations

Accept PayPal donations to fill your nonprofit's coffers, and tweak the Donate Now button to suit your needs.

The Internet has long been a tool for bringing together like-minded activists in a common cause. After Howard Dean's campaign for the 2004 Democratic presidential nomination, however, fundraisers working in the mainstream learned that the power of the Net could not only get out the word, but bring in the green as well.

PayPal has long understood the value of making donations quick and easy. The Make a Donation button lets you start accepting contributions immediately. To create a button, follow these steps:

  1. Log into your PayPal account.

  2. Click the Merchant Tools tab, and then click Donations (under Website Payments).

  3. Fill in a name and ID number, if you wish. A Donate Now button's name and ID number, like the Item Name/Service and Item ID/Number in a Buy Now button, let you and your contributors identify payments. By using different numbers and descriptions, you can place a number of buttons on your site, each soliciting donations to different programs.

  4. Enter an amount or leave blank if you want your donors to enter an amount themselves. Either way, you'll need to select a currency in which donations will be made.

  5. Choose from the selection of PayPal donation buttons, or specify the URL of your own button image.

  6. Choose the encrypted or unencrypted version of the button. If you're not sure which one to use, choose the unencrypted version; you can replace it later with an encrypted one once your button is functioning. Unencrypted buttons are plain HTML forms—easy to read, understand, and modify. An encrypted button, on the other hand, is inscrutable to anyone but the PayPal system and impossible to modify or customize. While unencrypted buttons can be created with any software tool, encrypted buttons can, at the time of this writing, be created only with the PayPal system's Merchant Tools. Encrypted buttons can be useful in some situations, such as to protect your email address from spammers. Openness, however, is usually best in this case.

  7. Click Create Button Now when you're done.

The HTML code generated for your button is found in a textarea box on the next page. Just select its contents, press Ctrl-C to copy the text to the clipboard, and then paste the text into your web page.





©2014 Screw-Paypal.com