对于充值信用卡,我想通过jquery将dinamically数值传递给我的php脚本。我选择使用具有不同选项的选择。但它不安全,因为用户可以修改这些值。有任何想法吗? 这是我的脚本:
HTML + JS
<script src="https://checkout.stripe.com/checkout.js"></script>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.7.1.min.js"></script>
<button id="customButton">Buy</button>
<select id="myselect">
<option value="2000">20 euros</option>
<option value="4000">40 euros</option>
</select>
<script>
var handler = StripeCheckout.configure({
key: '*****************',
image: 'https://stripe.com/img/documentation/checkout/marketplace.png',
locale: 'auto',
token: function(token) {
var stripeToken = token.id;
var stripeEmail = token.email;
$.post(
"charge.php",
{ stripeToken: token.id, stripeEmail: stripeEmail, amount: $( "#myselect" ).val()},
function(data) {
console.log(data);
}
);
}
});
document.getElementById('customButton').addEventListener('click', function(e) {
handler.open({
name: 'Test',
currency: 'eur',
amount: $( "#myselect" ).val()
});
e.preventDefault();
});
window.addEventListener('popstate', function() {
handler.close();
});
</script>
PHP(charge.php)
$token = $_POST['stripeToken'];
$customer = \Stripe\Customer::create(array(
'email' => $_POST['stripeEmail'],
'card' => $token
));
try {
$charge = \Stripe\Charge::create(array(
'customer' => $customer->id,
'amount' => $_POST['amount'],
'currency' => 'eur')
));
echo '<h1>Successfully charged'.$_POST['amount'].'</h1>';
}
catch(\Stripe\Error\Card $e) {
echo '<h1>Card declined</h1>';
}
答案 0 :(得分:1)
您必须在数据库或计划阵列中创建计划以确保付款。认为你有这样的计划:
["plan_name" => "basic", "plan_amount" => 4000];
然后你可以在结帐前使用if语句进行检查,同时检查in_array php函数。
通过计划,这很简单,如果你愿意,可以添加更多计划。
你的数量是这样的:
'amount' => $_POST['amount']
计划之后应该是这样的:
'amount' => in_array($_POST['amount'], $plan_array) ? $_POST['amount'] : null;
这是代码顶部的in_array示例,我使用short if语句:
$plans = ["plan_name" => "basic", "amount" => 4000];
if(in_array("4000", $plans)) {
echo "yes";
} else {
echo "no";
}