Jump to content

Recommended Posts

We are going to be using Stripe so people can make payments to us. If you're not familiar with how Stripe works, here is the breakdown:

 

  1. JavaScript is used to build a one time token, and make some tests.
  2. If the data passes the JavaScript tests your information is sent to my server to use the Stripe API that actually makes the payment
  3. You get a json result back that is parsed back into php.
    1. If the charge fails an Error is Thrown that you need to catch
    2. If the charge is successful, then you get a confirmation id that you can save in your database to look it up later or do whatever you need with it.

So that is how Stripe works. My question is, when an error is thrown, I want to redirect the user back to the form to fix the error, but I don't want to make them fill out the form again. What is a safest or most secure way to do this (when we go live we will be using SSL for HTTPS)?

Edited by The Little Guy
Link to comment
https://forums.phpfreaks.com/topic/277343-credit-card-information/
Share on other sites

So if it is sent via javascript, then most likely you are using an AJAX request?  If so, then you shouldn't be leaving the page until you get a response.  Really though, there isn't enough to go on here.  To many variables, not enough info.

If you're handling the data yourself then you need to make sure you're PCI compliant. Even if you're not storing the data permanently, you need to make sure you're not breaking any violations for that short amount of time it exists on your server. Also make sure you aren't accidentally storing it for a longer period of time without realising; error and access logs for example! You need to be really careful. If your servers are compromised and someone's bank details are taken and you're not PCI compliant, they'll come down on you like a tonne of bricks!

 

As for showing the form again, I wouldn't redirect, I would just render the form again? Redirect the request internally to the right controller, if that makes sense?

As for showing the form again, I wouldn't redirect, I would just render the form again? Redirect the request internally to the right controller, if that makes sense?

 

I don't know if I really like that idea. I can do it, but I would like to stay away from it due to the way the site works.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.