Using standard PayPal buy now buttons - need an extra step to obtain a User Id

Question

Using standard PayPal buy now buttons - need an extra step to obtain a User Id

Matt Lee 40

My asp.net site has a product page.aspx with the standard Buy now button code from Paypal.

I capture the email address of the sender from the page that has a asp.net form.

On button click, the data is saved in database and they then see a PayPal button that was previously hidden.

The user could have a different email when they checkout on Paypal account and so I need to create

a parameter that ID's the User with the data they first submitted in the form and the PayPal check out process.

Any suggestions would be helpful

thank you

0 comments

2 answers

Your answer

Answer 1

Jack Dang (WICLOUD CORPORATION) 17,340 Microsoft External Staff Moderator

Hi @Matt Lee ,

Thanks for reaching out.

The way to handle this is to use your own internal ID instead of trying to match on email address. After the user submits the ASP.NET form and you save their details to the database, generate or retrieve the record ID for that submission, then pass that value into the PayPal button using the custom field.

For example:

<input type="hidden" name="custom" value="<%= PendingOrderId %>" />

When PayPal sends the transaction details back, that same custom value is included, so you can use it to look up the correct record in your database and link the payment to the original form submission even if the buyer uses a different PayPal email address.

One important point is not to rely only on the return page in the browser to confirm payment. It is better to use PayPal’s server-side notification flow and read the custom value there before marking the record as paid. That gives you a more reliable way to reconcile the payment with the correct user data.

Also, make sure the value you pass is just a safe reference such as an order ID or GUID, and not any sensitive customer information.

Hope this helps! If my explanation and suggestion were helpful to you, I would greatly appreciate it if you could follow the instructions here so others with the same problem can benefit as well.

Matt Lee 40

hi thank you. I manged to get part of it working in which it answers IPN correctly but still not certain with this code the fix.

There is aspx page called IPNhandler.aspx.

here is the code behind

using System;

using System.IO;

using System.Net;

using System.Text;

using System.Web;

using System.Net.Mail;

public partial class IPNHandler : System.Web.UI.Page

{

protected void Page_Load(object sender, EventArgs e)

{

    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

    // 1. Capture the raw POST data from PayPal

// 1. Capture the raw POST data from PayPal

    byte[] param = Request.BinaryRead(HttpContext.Current.Request.ContentLength);

    string strRequest = Encoding.ASCII.GetString(param);

    string initialRequest = strRequest;

    // 2. Prepend 'cmd=_notify-validate' to the data for verification

    strRequest = "cmd=_notify-validate&" + strRequest;

    // 3. Post the data back to PayPal for validation

    // Use "https://www.sandbox.paypal.com/cgi-bin/webscr" for testing

    string paypalUrl = "https://ipnpb.sandbox.paypal.com/cgi-bin/webscr";

    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(paypalUrl);

    req.Method = "POST";

    req.ContentType = "application/x-www-form-urlencoded";

    req.ContentLength = strRequest.Length;

    using (StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), Encoding.ASCII))

    {

        streamOut.Write(strRequest);

    }

    // 4. Get the response from PayPal

    string strResponse;

    using (StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream()))

    {

        strResponse = streamIn.ReadToEnd();

    }

    // 5. Check if the response is "VERIFIED"

    if (strResponse == "VERIFIED")

    {

        // Parse the original data to get transaction details

        var ipnParams = HttpUtility.ParseQueryString(initialRequest);

        string paymentStatus = ipnParams["payment_status"];

        string txnId = ipnParams["txn_id"];

        if (paymentStatus == "Completed")

        {

            // TODO: Verify amount, receiver email, and process order

MailMessage mailMessage = new MailMessage();

    mailMessage.IsBodyHtml = true;

    mailMessage.Subject = "**IPN WORKING**" + " ";

    mailMessage.Body = "<html><body>" +

     "<P style='font-family:Verdana; font-size: 1em;'>" +

"Card Type: " +

     "</p>" +

"</body></html>";

                       mailMessage.To.Add("xxxxxxxxxxxxxxxxx");

    mailMessage.From = new MailAddress("xxxxxxxxxxx");

mailMessage.To.Add("xxxxxxxxxx");

    //send the message

SmtpClient smtpClient = new SmtpClient();

smtpClient.Send(mailMessage);

        }

    }

    else if (strResponse == "INVALID")

    {

        // Log for investigation; the request may be fraudulent

    }

}

}

here is the aspx page on the site where the form. After the form is submitted it shows the

paypal check out buttons which are coded as below

I am using Sandbox accounts for testing. The code above sends the email so IPNhander.aspx is working but can the custom variable be implemented with code below and retrieve it in above code.

<script 
  src="https://sandbox.paypal.com/sdk/js?client-id=BAAsgWUYtLtO6tC3pYtx4YFgGKQk9m9Wz7oIWtZv_f5HS88bvzxXASLS68Q45_QnctTSrIvulgCvSbXibA&components=hosted-buttons&disable-funding=venmo&currency=USD">
</script>

<div id="paypal-container-CHJGKXRFBA79C"></div>
<script>
  paypal.HostedButtons({
    hostedButtonId: "CHJGKXRFBA79C",
  }).render("#paypal-container-CHJGKXRFBA79C")
</script>

Jack Dang (WICLOUD CORPORATION) 17,340 Reputation points Microsoft External Staff Moderator

2026-04-27T08:58:32.1866667+00:00

It does sound like the IPN handler is responding properly now, which is a good sign. The part that is still awkward is the button type you are using. That Hosted Button code is PayPal-managed, so it is not the same as the older HTML button flow where you could just post your own hidden custom field from the page.

So in this case, your IPN code can read a custom value if PayPal sends one, but with the Hosted Button snippet you posted, there is not really a clean way to attach a different custom ID for each user before checkout.

If you need to match the payment back to a specific database row from your ASP.NET form, the better option is to use a server-side checkout flow where your site creates the PayPal order. Then you can save your form data first, generate your own ID such as an OrderId, send that to PayPal as part of the order, and read it back when the payment completes.

The idea of passing your own identifier is still the right fix, but this particular Hosted Button setup is probably the wrong integration if you need that value to change for each customer.

Also, before treating a payment as complete, make sure you verify the receiver email, amount, currency, and that the transaction ID has not already been processed.
Jack Dang (WICLOUD CORPORATION) 17,340 Reputation points Microsoft External Staff Moderator

2026-04-29T07:21:03.6033333+00:00

Hi @Matt Lee ,

If you're still interested or have any questions, feel free to reach out whenever it works best for you.

Answer 2

Use an internal ID that is generated and stored on the server, then pass that ID through to PayPal and back to your site.

A simple pattern in ASP.NET Web Forms is:

When the user submits the ASP.NET form (before showing the PayPal button):
- Create a new record in the database for this pending purchase.
- Use your own primary key (for example, OrderId or UserToken, typically an INT identity or a GUID).
- Save all the user data (including the email they entered) against that key.

Put that key into the PayPal button as a custom field

Standard PayPal buttons support fields such as custom or invoice that are sent back to you in IPN / return.
In the page that renders the PayPal button, set the hidden field value from the server:

   <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
       <input type="hidden" name="cmd" value="_xclick" />
       <input type="hidden" name="business" value="your-paypal-email@example.com" />
       <input type="hidden" name="item_name" value="Your Product" />
       <input type="hidden" name="amount" value="10.00" />
       <!-- Your internal ID -->
       <input type="hidden" name="custom" value="<%= PendingOrderId %>" />
       <input type="submit" value="Buy Now" />
   </form>

Where PendingOrderId is set in code-behind when the form is processed:

   protected int PendingOrderId;
   
   protected void Page_Load(object sender, EventArgs e)
   {
       if (!IsPostBack)
       {
           // After saving form data to DB
           PendingOrderId = SaveFormAndGetOrderId();
       }
   }

On PayPal return / IPN handler
- Configure PayPal to call a server endpoint (webhook/IPN handler) on your site.
- In that endpoint, read the custom (or invoice) field from the POST data PayPal sends.
- Use that value to look up the record in your database and link the PayPal transaction (transaction ID, PayPal email, status) to the original form data.

This way the user’s PayPal email can be different from the one entered on your site, but both are tied together via your own internal ID, not by email.

The Wingtip Toys PayPal sample uses a similar idea by storing order information in the database and then associating PayPal responses with that stored data when the user returns from PayPal.

References:

Share via

Using standard PayPal buy now buttons - need an extra step to obtain a User Id

2 answers

Your answer