Jump to content
Larry Ullman's Book Forums

Recommended Posts

Hi Larry,


I am having a few problems regarding the 'billing_stripe.php' file. I wrote the code below that's in my 'billing_stripe.php' file.

When I get to the line:    

$cc_last_four = substr($cc_number, -4);

An error is thrown up and it says:

'Undefined variable: cc_number'.

I have tried everything but I can't seem to find out why it's saying that the cc_number variable is undefined.

Qu 1: Do you have any suggestions as to what might be the problem?

Qu 2: Is the code in the billing_stripe.php file below correct, or do I need to take out some sections?



Code for 'billing_stripe.php' file

// This file is the second step in the checkout process.
// It takes and validates the billing information.
// This updated versions uses Stripe.
// This script is created in Chapter 15.
// Require the configuration before any PHP code:
// Start the session:
// The session ID is the user's cart ID:
$uid = session_id();
// Check that this is valid:
if (!isset($_SESSION['customer_id'])) { // Redirect the user.
$location = 'https://' . BASE_URL . 'checkout.php';
header("Location: $location");
// Require the database connection:
// Validate the billing form...
// For storing errors:
$billing_errors = array();

// Check for a form submission:
//if (get_magic_quotes_gpc()) {
$_POST['cc_first_name'] = stripslashes($_POST['cc_first_name']);
// Repeat for other variables that could be affected.
// }
// Check for a first name:
if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $_POST['cc_first_name'])) {
$cc_first_name = $_POST['cc_first_name'];
} else {
$billing_errors['cc_first_name'] = 'Please enter your first name!';
// Check for a last name:
if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['cc_last_name'])) {
$cc_last_name = $_POST['cc_last_name'];
} else {
$billing_errors['cc_last_name'] = 'Please enter your last name!';
// Check for a Stripe token:
if (isset($_POST['token'])) {
$token = $_POST['token'];
} else {
$message = 'The order cannot be processed. Please make sure you have JavaScript enabled and try again.';
$billing_errors['token'] = true;
// Check for a street address:
if (preg_match ('/^[A-Z0-9 \',.#-]{2,160}$/i', $_POST['cc_address'])) {
$cc_address = $_POST['cc_address'];
} else {
$billing_errors['cc_address'] = 'Please enter your street address!';
// Check for a city:
if (preg_match ('/^[A-Z \'.-]{2,60}$/i', $_POST['cc_city'])) {
$cc_city = $_POST['cc_city'];
} else {
$billing_errors['cc_city'] = 'Please enter your city!';
// Check for a state:
/*if (preg_match ('/^[A-Z]{2}$/', $_POST['cc_state'])) {
$cc_state = $_POST['cc_state'];
} else {
$billing_errors['cc_state'] = 'Please enter your state!';
// Check for a zip code:
if (preg_match ('/^[a-z]{1,2}\d[a-z\d]?\s*\d[a-z]{2}$/i', $_POST['cc_zip'])) {
$cc_zip = $_POST['cc_zip'];
} else {
$billing_errors['cc_zip'] = 'Please enter your zip code!';
if (empty($billing_errors)) { // If everything's OK...
// Check for an existing order ID:
if (isset($_SESSION['order_id'])) { // Use existing order info:
$order_id = $_SESSION['order_id'];
$order_total = $_SESSION['order_total'];
} else { // Create a new order record:
// Get the last four digits of the credit card number:
// Temporary solution for Stripe:
// $cc_last_four = 1234;
$cc_last_four = substr($cc_number, -4); // PROBLEM-----------------------PROBLEM LINE---------------------------PROBLEM LINE
// Call the stored procedure:
$shipping = $_SESSION['shipping'] * 100;
$r = mysqli_query($dbc, "CALL add_order({$_SESSION['customer_id']}, '$uid', $shipping, $cc_last_four, @total, @oid)");
// Confirm that it worked:
if ($r) {
// Retrieve the order ID and total:
$r = mysqli_query($dbc, 'SELECT @total, @oid');
if (mysqli_num_rows($r) == 1) {
list($order_total, $order_id) = mysqli_fetch_array($r);
// Store the information in the session:
$_SESSION['order_total'] = $order_total;
$_SESSION['order_id'] = $order_id;
} else { // Could not retrieve the order ID and total.
unset($cc_number, $cc_cvv, $_POST['cc_number'], $_POST['cc_cvv']);
trigger_error('Your order could not be processed due to a system error. We apologize for the inconvenience.');
} else { // The add_order() procedure failed.
trigger_error('Your order could not be processed due to a system error. We apologize for the inconvenience.');
} // End of isset($_SESSION['order_id']) IF-ELSE.
// ------------------------
// Process the payment!
if (isset($order_id, $order_total)) {
try {
// Include the Stripe library:
// set your secret key: remember to change this to your live secret key in production
// see your keys here https://manage.stripe.com/account
// Charge the order:
$charge = Stripe_Charge::create(array(
'amount' => $order_total,
'currency' => 'GBP',
'card' => $token,
'description' => $_SESSION['email'],
'capture' => false
// echo '<pre>' . print_r($charge, 1) . '</pre>';exit;
// Did it work?
if ($charge->paid == 1) {
// Add slashes to two text values:
$full_response = addslashes(serialize($charge));
// Record the transaction:
$r = mysqli_query($dbc, "CALL add_charge('{$charge->id}', $order_id, 'auth_only', $order_total, '$full_response')");
// Add the transaction info to the session:
$_SESSION['response_code'] = $charge->paid;
// Redirect to the next page:
$location = 'https://' . BASE_URL . 'final.php';
header("Location: $location");
} else { // Charge was not paid!
$message = $charge->response_reason_text;
} catch (Stripe_CardError $e) { // Stripe declined the charge.
$e_json = $e->getJsonBody();
$err = $e_json['error'];
$message = $err['message'];
} catch (Exception $e) { // Try block failed somewhere else.
trigger_error(print_r($e, 1));
} // End of isset($order_id, $order_total) IF.
// Above code added as part of payment processing.
// ------------------------
} // Errors occurred IF
// Include the header file:
$page_title = 'EFYHAH - Checkout - Your Billing Information';
// Get the cart contents:
$r = mysqli_query($dbc, "CALL get_shopping_cart_contents('$uid')");
if (mysqli_num_rows($r) > 0) { // Products to show!
if (isset($_SESSION['shipping_for_billing']) && ($_SERVER['REQUEST_METHOD'] !== 'POST')) {
$values = 'SESSION';
} else {
$values = 'POST';
} else { // Empty cart!
// Finish the page:
Link to comment
Share on other sites

Hi Larry,


I copied your code line to line, and the only reference is in the billing.js file on line 16

var cc_number = $('#cc_number').val(),
Also, it's in the billing_stripe.html form
<div class="field"><label for="cc_number"><strong>Card Number</strong></label><br /><input type="text" id="cc_number" autocomplete="off" /></div>
Other than that, I can't see it defined anywhere else.
QU: Do I need to define the variable 'cc_number' again somewhere else, because I literally copied your entire code and assumed
everything is fine, so I am reluctant to change anything.
I have run out of ideas
Link to comment
Share on other sites


I had a look at code that I also used from Larry's book.  In my implementation the $cc_number PHP variable is set when the $_POST data are processed from the submitted form.  In Larry's code I think that that is in module billing.php (line 55).

Do you have this in your implementation?

Regards, Necuima

Link to comment
Share on other sites

I had a further look at code that I wrote over 2 years ago where I did a fairly major adaptation of Larry's STRIPE payment processing as my situation was a standard shopping cart.  In my implementation I have an HTML form which I then process in a REDUX call to extract the credit card number from the form's submitted $_POST data.

So I probably can't help you.  I am sorry if I have wasted your time.

Regards, Necuima


Link to comment
Share on other sites


  • Create New...