A dynamic secure paypal buy now button. The cmxads No SQL way!
<?php
session_start();
//generate a random order number
//set a session on order page
function randomNumber($length) {
    $result = '';
    for($i = 0; $i < $length; $i++) {
        $result .= mt_rand(0, 9);
    }
    return $result;
}
$id=randomNumber('12');
//I am adding a letter prefix here
$_SESSION['id']="ID$id";	
?>
Your pre order form
All you need is one input it can be anything to target and pull data from file
<p><b>Order With PayPal Now Only 12.00!! </b></p>
<form name="checkout" action="order" method="post">
<input type="hidden" name="item_number" value="b1234">
<!--can add a text info box too-->
<input type="hidden" name="on0" value="Info">
Info:<input type="text" name="os0" value="">
<input type="image" src="images/paypal.png" border="0" name="submit" alt="Make payments with PayPal">
</form>


On order.php
<?php
session_start();
//I clean post and get like this
    function clean($text)
{
	$text = strip_tags($text);
	$text = htmlspecialchars($text, ENT_QUOTES);
	$text = trim($text);
    return ($text); //output clean text
} 
//initate variables that may not exist before post
$on0='',	             
$os0='', 
$target='';
if(isset($_POST['item_number']) && !empty($_POST['item_number'])){
 //item number is target to search product file below
$target=clean($_POST['item_number']);
//can add an option field to pre form will be
//inserted into array or removed if empty
if(!empty($_POST['os0'])){$os0=clean($_POST['os0']);$on0='Info:';}//setting our own on0 field value
}else{
echo 'error';
exit;
}

	
///list static variables

//can comment out or leave empty we will filter empty array elements anyway

//with these cmd we can also post user name address etc
$cmd='_ext-enter';
$redirect_cmd='_xclick';
///////////////////////////////
$business='me@cmxads.com';
$currency_code='USD';
$rm='2';//set for your return method
$custom=$_SESSION['id'];
$no_note='1';
$cancel_return='https://www.return.com';
$return='https://www.cancel.com';	
//set first array with static variables and any user input if used(on0)
	$item= array(
	             'cmd'=>$cmd, 
	             'business'=>$business, 
	             'rm'=>$rm, 
	             'on0'=>$on0,	             
	             'os0'=>$os0, 
	             'custom'=>$custom, 
				 'redirect_cmd'=>$redirect_cmd,			 				  
	             'currency_code'=>$currency_code, 
	             'cancel_return'=>$cancel_return, 
	             'return'=>$return,				  
	             'no_note'=>$no_note,);
	             
//////////////////////////////////	             
order products are added to a simple delimited text file

   item_number;item_name;amount
   b1234;book1;11.00
   b1244;book2;10.00	             

//////////////////////////////////

            
// following for delimited associative array text file
//set your fave delimiter from file
$delimiter=';';
//file name
$file='products.txt';
//initiate variables. we dont want no stinking notices!
$result='';
$lines='';
if(file_exists($file)){ //better exist!
 //product file is not large file is fine to use
 //otherwise we would use fopen
$lines = file($file);
  if ($lines){
//one way to create an associative array from text file with csv type header row
//in this case we get first row explode our field names make array and trim
   $fields = explode($delimiter,trim($lines[0]));
//print_r($fields);
//now unset the first line or line[0] with fields
  unset($lines[0]);
//  print_r($lines);
//make sure we have lines!
   if(count($lines)>1){
//get each line
 foreach($lines as $line){
//explode line into array and trim
 $line = explode($delimiter,trim($line));
//check if target key exists
 if(in_array($target,$line)){
  //check field count matches value count
if (sizeof($line)==sizeof($fields)){
 //combine fields and values into associative array
$result = array_combine($fields,$line);	
}}}}}}


if(!$result){
//if item data was not found means item number was tampered with or dont exist
//dont have duplicate data in file
	echo 'Data error';
	exit;
}else{
//merge row array with item array above           
$result = array_merge($result, $item);
//remove empty elements except 0
//this works in one shot but throws notice
//$result = array_diff($result, array( '' ) );
//so we do it this way
$result = array_filter($result); 
$result=array_slice($result, 0 );
}	
	
//add ? for adding query string to url
$final='?';
//build get query string when then we redirect to PP
$final .= http_build_query($result);
//must remove this from query string or wont work	
$final=str_replace(array('%5D','0%5B'),'', $final);	


//now just send data via get to paypal with redirect to the checkoutpage
  header('location:https://www.paypal.com/cgi-bin/webscr'.$final);  
  exit();
//thats it!!!!!! You are now on paypal checkout page
	
//Want to post to your IPN??//////////////////////////////////////
//do it like this

//use curl to post the data to pay pal
function curl_post($data) 
{ 
  $c = curl_init('https://www.paypal.com/cgi-bin/webscr');
  curl_setopt($c, CURLOPT_POST,1);
  curl_setopt($c, CURLOPT_POSTFIELDS, $data);
  curl_setopt($c, CURLOPT_SSL_VERIFYPEER,FALSE);
  curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
  $status = curl_exec($c);
  curl_close($c);
  return $status;
}


//check if curl exec is enabled on your server
if(function_exists('curl_exec')){
$status = curl_post($final);	
}else{
//use fsockopen as a backup.
//all host have this enabled need to use smtp email
//if url fopen is enabled on your shared server you are lucky use that
$fp = fsockopen("ssl://www.paypal.com/cgi-bin/webscr", 443, $errno, $errstr, 15);
if (!$fp) {
    $_return = ' error: ' . $errno . ' ' . $errstr;
    die($_return);
} else {

    $http  = "POST /index.php HTTP/1.1\r\n";
    $http .= "Host: " . $_SERVER['HTTP_HOST'] . "\r\n";
    $http .= "User-Agent: " . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
    $http .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $http .= "Content-length: " . strlen($final) . "\r\n";
    $http .= "Connection: close\r\n\r\n";
    $http .= $http_data . "\r\n\r\n";

    fwrite($fp, $http);

    while (!feof($fp)) {
        $_return .= fgets($fp, 4096);
    }
    fclose($fp);
//    echo $_return;
}
}
exit;	
?>