Skip to content

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Stripe Getting Started Form</title>
<!-- The required Stripe lib -->
<script type="text/javascript" src="https://js.stripe.com/v2/"></script>
<!-- jQuery is used only for this example; it isn't required to use Stripe -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script type="text/javascript">
// This identifies your website in the createToken call below
Stripe.setPublishableKey('YOUR_PUBLISHABLE_KEY');
var stripeResponseHandler = function(status, response) {
var $form = $('#payment-form');
if (response.error) {
// Show the errors on the form
$form.find('.payment-errors').text(response.error.message);
$form.find('button').prop('disabled', false);
} else {
// token contains id, last4, and card type
var token = response.id;
// Insert the token into the form so it gets submitted to the server
$form.append($('<input type="hidden" name="stripeToken" />').val(token));
// and re-submit
$form.get(0).submit();
}
};
jQuery(function($) {
$('#payment-form').submit(function(e) {
var $form = $(this);
// Disable the submit button to prevent repeated clicks
$form.find('button').prop('disabled', true);
Stripe.card.createToken($form, stripeResponseHandler);
// Prevent the form from submitting with the default action
return false;
});
});
</script>
</head>
<body>
<h1>Charge $10 with Stripe</h1>
<form action="" method="POST" id="payment-form">
<span class="payment-errors"></span>
<div class="form-row">
<label>
<span>Card Number</span>
<input type="text" size="20" data-stripe="number"/>
</label>
</div>
<div class="form-row">
<label>
<span>CVC</span>
<input type="text" size="4" data-stripe="cvc"/>
</label>
</div>
<div class="form-row">
<label>
<span>Expiration (MM/YYYY)</span>
<input type="text" size="2" data-stripe="exp-month"/>
</label>
<span> / </span>
<input type="text" size="4" data-stripe="exp-year"/>
</div>
<button type="submit">Submit Payment</button>
</form>
</body>
</html>
@nohl

this is very cool. Is there a similar tutorial for the next step?

@schir1964

Code correction:

The javascript/jQuery code shows $form as the variable name. The $ should be removed from the variable name. $ is required for PHP variables not Javascript and will cause an error.

BTW: Thanks for a great example to work off of.

-- Christopher Mullins

@elithrar

@nohl The next step would be setting up the server side handler to submit the returned token and actually make the Charge. Take a look at https://stripe.com/docs/tutorials/charges

@schir1964 The $ is valid—it's a valid variable name in JavaScript and is used by jQuery as "shorthand". Run this code and you'll find doesn't cause an error.

@JCKnoell

Is there a way to make the payment amount variable so that the customer can enter the amount they want to pay? Is there a tutorial for this? I cannot find one.

@molovo

@JCKnoell you would just add a field for the amount, and pass the POST variable for it to the server-side code @elithrar linked to

@ojoadeolagabriel

This is wonderful, loving the simplicity

@MalhotraVijay

Thanks for the example in one place, helps a lot.

@Jordan4jc

How does the form know where to submit to, I've seen this code floating around and keep trying to search for the answer. Do you just put the reference to the PHP in the action part of the form element? Also can you just use an ajax request in the javascript to submit to a PHP script that sends the charge? I guess I'm just confused as to the .submit() in the javascript being that there is nothing on the form telling it where to submit to.

@nmagedman

@Jordan4jc: You are meant to fill that in yourself.

@briancollins: Just as you have a placeholder for YOUR_PUBLISHABLE_KEY, please add a placeholder for the form action, "YOUR_FORM_HANDLER_URL". Thanks!

@nmagedman

@Jordan4jc: Or you can just leave the form action blank and it defaults to the current url, as is common practice.

@briancollins: Nonetheless, please add in the placeholder just to be clear.

@JoshEpic

Can you add name and address to this form and have it validate the same way?

@reggi

@JoshEpic Since name and address aren't required I don't think they'll return an response.error.

What I'm really curious about is how does stripe know it's a $10 charge?

@joshuaterrill

I have a question, if you're placing your publishable key in javascript code (which is viewable by the client), can't anyone take your key and use it? Or is that not a concern?

@jlocashio

@reggi: stripe doesn't know it's a $10 charge at this point; this script generates a token for the card, not a charge. The token is used on the server-side to generate the charge of whatever amount you choose.

This is a great start, but the example is terribly incomplete. The token is appended to the form, but the initial values of the card fields are left intact, which means that the token's purpose of keeping card information off your server logs is lost; you are still getting a card number and expiration in your POST.

Make sure that your stripeResponseHandler function includes code to blank out the values of all form fields related to the card before submitting, e.g. in jQuery you could use $form.find('[data-stripe]').val('');.

@robwheeler

@ jlocashio: the createToken call seems to remove those fields from the form.

@jlocashio

@robwheeler: Funny, it didn't for me. I guess that might be due to the fact that my CC fields are part of a larger form, and have arrayed names, like [card]name and [card]number. Either way, it's never a bad idea to add redundancy, especially when it's 1 line of script.

@alexcasalboni

@jlocashio as described here:

Note how input fields representing sensitive card data (number, CVC, expiration month and year) do not have a "name" attribute. This prevents them from hitting your server when the form is submitted.

@tinocosta84

I have tried everything, I can't get this to actually work? can I call it a s a file?

<!DOCTYPE html>



Stripe Getting Started Form

<!-- The required Stripe lib -->

<!-- jQuery is used only for this example; it isn't required to use Stripe -->




Charge $10 with Stripe


<div class="form-row">
  <label>
    <span>Card Number</span>
    <input type="text" size="20" data-stripe="number"/>
  </label>
</div>

<div class="form-row">
  <label>
    <span>CVC</span>
    <input type="text" size="4" data-stripe="cvc"/>
  </label>
</div>

<div class="form-row">
  <label>
    <span>Expiration (MM/YYYY)</span>
    <input type="text" size="2" data-stripe="exp-month"/>
  </label>
  <span> / </span>
  <input type="text" size="4" data-stripe="exp-year"/>
</div>

<button type="submit">Submit Payment</button>



@Tony-dulei

Hey,
I have a question about payment form.
There are Card Number, CVC and Expiration in your payment form.
There is no cardholder name in this form.
Is it not necessary ?

@digitalwin

Thanks for this, but I'm trying to get customer information. I'm using the testing environment but I checked the logs and I'm not seeing the captured information such as name, email, etc. it says "null" and I'm sure I'm missing out on something. What code should I include? Please help. Newbie here. Thanks in advance

@JackWells

When I use the jquery-generated pop-up form method, all is well. But when I try this, I get "This customer has no attached card." Tried every possible combination of ideas from SO. My advice: if a client wants an inline-form, tell them that will be 10 billiable hours additional - minimum.

@NodexTech

schir1964

$ prefixes in variables will not cause an error in javascript.

@mrgoldfinder

ALL VERY NICE BUT, WHERE DOWS THE CUSTOMER GO TO COLLECT THE ITEM HE HAS JUST BOUGHT?

@webtronix1

Very nice Demo and scripts...............

@ryomaito

Does the stripe library always use jsonp? or does it use XHR too? I see code for both in the library

@vlatosev

Can we use two digits year. It passes in test mode but it is nowhere stated.

@shivam-developer

Hi ,
I tried this ,but after submitting and getting token it doesn't give response like alert success or transaction success related info i.e. when i get token what should be happened at stripe end side.
Is it possible in android?

@donaldhwong

Run the code and got an error: HTTP Error 405.0 - Method Not Allowed
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.

What's wrong?

@lgs

@JackWells Just turn off turbo links by adding data-no-turbolink to the body tag and will works:

<body data-no-turbolink>
...
</body>

@devdemi

Is there any way to add possibility to Remeber me as on Embedded form?

@mhavard999

Why is the whole form submitted at the end? Isn't the point that you use stripe.js to get the token so you don't have to send the card number, cvc, and exp date to your own server?

Edit: Nevermind. Already answered in the tutorial. They don't have name attributes so they won't get submitted to the server.

@synic

Using this method, how does one protect against XSS like <img src=x onerror=alert(1)> in the exp-year or exp-month fields?

Try it yourself, you will get an alert.

@deepjyoti

How to get customerid? As we can not use same token Id for multiple payment.

@claudio-dalicandro

I can't find any example about the "Remember me" checkbox in the custom form, you can have that functionality only with the javascript version of the form?

@demental

For some reason I cannot explain (yet), exp, card number and cvc hit our servers when submitting form.
I added $('.stripe-sensitive').remove(); before submitting as a workaround but this is an ugly patch.

Looking at the html generated code I get this :

<input id="cardNumber-checkout" type="text" maxlength="20" autocomplete="off" class="card-number stripe-sensitive form-control required" placeholder="Card number"  data-stripe="number" />

So far so good...

But when I inspect with the browser devtools, I get this :

<input id="cardNumber-checkout" type="text" maxlength="20" autocomplete="off" class="card-number stripe-sensitive form-control required" placeholder="Card number" data-stripe="number" name="card-number">

So it seems that some javascript add the name attribute to the fields. Anybody experiencing the same issue ?

@nghuuphuoc

Based on this tutorial page, the Validating custom Stripe form example covers steps to create a simple payment form in Bootstrap, validate the fields and connect with Stripe API.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.