To charge a credit card, I want to pass amount values dynamically to my PHP script with jQuery. I chose to use a select with different options. But it's not safe because the user could modify those values. Any ideas? Here are my scripts:
HTML + JS
<script src="https://checkout.stripe.com/checkout.js"></script>
<script type="text/javascript" src="http://code.jquery.com/jquery-1.7.1.min.js"></script>
<button id="customButton">Buy</button>
<select id="myselect">
  <option value="2000">20 euros</option>
  <option value="4000">40 euros</option>
</select>
<script>
var handler = StripeCheckout.configure({
  key: '*****************',
  image: 'https://stripe.com/img/documentation/checkout/marketplace.png',
  locale: 'auto',
  token: function(token) {
    var stripeToken = token.id;
    var stripeEmail = token.email;
    $.post(
      "charge.php",
      { stripeToken: token.id, stripeEmail: stripeEmail, amount: $( "#myselect" ).val()},
      function(data) {
        console.log(data);
      }
    );
  }
});
document.getElementById('customButton').addEventListener('click', function(e) {
  handler.open({
    name: 'Test',
    currency: 'eur',
    amount: $( "#myselect" ).val()
  });
  e.preventDefault();
});
window.addEventListener('popstate', function() {
  handler.close();
});
</script>
PHP (charge.php)
$token = $_POST['stripeToken'];
$customer = \Stripe\Customer::create(array(
    'email' => $_POST['stripeEmail'],
    'card' => $token
));
try {
    // The amount is taken straight from the request body
    $charge = \Stripe\Charge::create(array(
        'customer' => $customer->id,
        'amount' => $_POST['amount'],
        'currency' => 'eur'
    ));
    // Escape the posted value before echoing it into HTML
    echo '<h1>Successfully charged '.htmlspecialchars($_POST['amount'], ENT_QUOTES, 'UTF-8').'</h1>';
}
catch(\Stripe\Error\Card $e) {
    echo '<h1>Card declined</h1>';
}
You have to create plans in your database, or an array of plans, to secure the payment. Say you have a plan like this:
["plan_name" => "basic", "plan_amount" => 4000];
Then you can check before checkout using an if statement together with the PHP in_array function.
PHP in_array
With plans it's an easy thing, and you can add more plans if you want.
You have the amount like this:
'amount' => $_POST['amount']
After adding plans it should be like this:
'amount' => in_array($_POST['amount'], $plan_array) ? $_POST['amount'] : null;
Here is an in_array example (in the code above I used a short if statement):
$plans = ["plan_name" => "basic", "amount" => 4000];
if(in_array("4000", $plans)) {
    echo "yes";
} else {
    echo "no";
}
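A stricter variant of the plan idea, as an added example that is not code from the question or the answer: the form submits only a plan id and the server looks the price up by key, so no client-supplied number ever reaches the charge. The `plan` field name, the plan ids and `resolveAmount()` are assumptions made for this sketch; it presumes the select's option values are changed to carry plan ids instead of amounts.

```php
<?php
declare(strict_types=1);

// Server-side price list, in cents. The plan ids are constructed for this
// example; the prices mirror the two options in the question's <select>.
const PLANS = [
    'basic'   => 2000,
    'premium' => 4000,
];

/**
 * Return the amount to charge for a submitted form.
 * Only the plan id is read from the request; a client-supplied "amount"
 * field is never consulted, so editing it in the browser has no effect.
 */
function resolveAmount(array $post): int
{
    $planId = $post['plan'] ?? null;   // 'plan' is an assumed field name
    // Exact key lookup: no loose comparison, and non-string input is refused.
    if (!is_string($planId) || !array_key_exists($planId, PLANS)) {
        throw new InvalidArgumentException('Unknown plan');
    }
    return PLANS[$planId];
}

// Constructed request bodies: an honest one, one carrying a forged amount,
// one naming an unknown plan, and one where the plan arrives as an array.
$requests = [
    ['plan' => 'basic'],
    ['plan' => 'premium', 'amount' => '1'],
    ['plan' => 'free'],
    ['plan' => ['basic']],
];

foreach ($requests as $post) {
    try {
        // In charge.php this value would be passed as 'amount' to Charge::create.
        printf("%s => charge %d cents\n", json_encode($post), resolveAmount($post));
    } catch (InvalidArgumentException $e) {
        printf("%s => rejected (%s)\n", json_encode($post), $e->getMessage());
    }
}
```

The amount shown in the Checkout dialog on the client is display only under this scheme; the figure that is charged comes from `PLANS` on the server.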