It looks like I had a few typos in my example.... here is the right code to use:
XV- <?php echo(substr("00000000", strlen(strval($_SESSION['OrderID'])))-8)); ?><?php echo($_SESSION['OrderID'])); ?>
But this code was assuming you were using a Database that was generating an OrderID. How did you want the OrderID generated or what should it relate to if you don't have a Database?
Usually the OrderID is the ID from the Orders database... in your case there is no real OrderID. You could use the TransactionID from paypal, but that is rather long and includes letters and numbers much like the session_id() value you are trying to replace.