Why Choose Stripe for Payment Processing in PHP?
Stripe is trusted by millions of businesses worldwide for online payment processing. Here's why it's an excellent choice for PHP developers:
- Simple, well-documented RESTful API
- PCI DSS Level 1 compliant — no sensitive card data touches your server
- Supports credit/debit cards, Apple Pay, Google Pay, and 135+ currencies
- Built-in fraud detection with Stripe Radar
- Easy testing with dedicated test API keys and test card numbers
- Webhooks for real-time payment event notifications
- Excellent PHP SDK actively maintained in 2026
Table Of Content
1 Prerequisites
- PHP 8.0+ installed
- Composer (PHP dependency manager)
- MySQL / MariaDB database
- A Stripe account (free to create)
- Basic knowledge of HTML, CSS, and PHP
- A local server (XAMPP, WAMP, Laragon, or PHP built-in server)
2 Introduction
In this step-by-step tutorial, you'll build a complete Stripe payment integration in plain PHP — no framework needed. We will use Stripe Checkout (Stripe's hosted payment page) which is the recommended and most secure approach. Stripe Checkout handles all the sensitive card input on Stripe's own PCI-compliant servers, so your application never touches raw card data.
Here's what we'll build:
- A product checkout page with a "Pay Now" button
- Stripe Checkout Session creation via the PHP SDK
- Success and cancellation pages
- Webhook handler to verify and record payments in MySQL
- Complete error handling and security best practices
3 Create a Stripe Account & Get API Keys
Before writing any code, you need to set up your Stripe account and obtain your API keys.
1. Go to https://dashboard.stripe.com/register and create a free account.
2. After logging in, navigate to Developers → API Keys.
3. You will see two sets of keys:
- Publishable Key (starts with pk_test_) — Used on the frontend
- Secret Key (starts with sk_test_) — Used on the backend (keep this private!)
Important: During development, use the test mode keys. Stripe provides test card numbers for safe testing. You can switch to live keys when your app is ready for production.
4 Project Setup & Install Stripe PHP SDK
4.1 Create Project Directory
Create a new project folder in your web server's root directory (e.g., htdocs for XAMPP):
mkdir stripe-php-payment
cd stripe-php-payment
4.2 Install Stripe PHP SDK via Composer
Make sure Composer is installed on your system, then run:
composer require stripe/stripe-php
5 Create Configuration File (config.php)
Create a config.php file to store your Stripe API keys and database credentials. This keeps your sensitive data in one place.
<?php
// Stripe API Keys (Use test keys during development)
define('STRIPE_PUBLISHABLE_KEY', 'pk_test_YOUR_PUBLISHABLE_KEY_HERE');
define('STRIPE_SECRET_KEY', 'sk_test_YOUR_SECRET_KEY_HERE');
define('STRIPE_WEBHOOK_SECRET', 'whsec_YOUR_WEBHOOK_SECRET_HERE');
// Database Configuration
define('DB_HOST', 'localhost');
define('DB_NAME', 'stripe_payments_db');
define('DB_USER', 'root');
define('DB_PASS', '');
// Application URL
define('APP_URL', 'http://localhost/stripe-php-payment');
// Currency
define('CURRENCY', 'usd');
// Include Composer Autoloader
require_once __DIR__ . '/vendor/autoload.php';
// Initialize Stripe
\Stripe\Stripe::setApiKey(STRIPE_SECRET_KEY);
// Database Connection
function getDBConnection() {
try {
$pdo = new PDO(
"mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4",
DB_USER,
DB_PASS,
[
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]
);
return $pdo;
} catch (PDOException $e) {
die("Database connection failed: " . $e->getMessage());
}
}
?>
6 Create MySQL Database & Payments Table
Create a database called stripe_payments_db and run the following SQL to create the payments table:
CREATE DATABASE IF NOT EXISTS stripe_payments_db;
USE stripe_payments_db;
CREATE TABLE `payments` (
`id` INT(11) NOT NULL AUTO_INCREMENT,
`stripe_session_id` VARCHAR(255) NOT NULL,
`stripe_payment_intent_id` VARCHAR(255) DEFAULT NULL,
`customer_name` VARCHAR(255) DEFAULT NULL,
`customer_email` VARCHAR(255) DEFAULT NULL,
`product_name` VARCHAR(255) NOT NULL,
`quantity` INT(11) NOT NULL DEFAULT 1,
`amount` DECIMAL(10,2) NOT NULL,
`currency` VARCHAR(10) NOT NULL DEFAULT 'usd',
`payment_status` VARCHAR(50) NOT NULL DEFAULT 'pending',
`created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
`updated_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
UNIQUE KEY `stripe_session_id` (`stripe_session_id`),
KEY `idx_payment_status` (`payment_status`),
KEY `idx_payment_intent` (`stripe_payment_intent_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
7 Create the Checkout Form (index.php)
This is the main page where customers see the product and click "Pay Now" to start the payment. We use Bootstrap 5 for styling.
<?php require_once 'config.php'; ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Stripe Payment - Checkout</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
<style>
body { background-color: #f8f9fa; }
.product-card { border-radius: 1rem; box-shadow: 0 4px 20px rgba(0,0,0,0.08); }
.product-card img { border-radius: 1rem 1rem 0 0; height: 250px; object-fit: cover; }
.btn-stripe { background-color: #635bff; border-color: #635bff; color: #fff; }
.btn-stripe:hover { background-color: #4b45c6; border-color: #4b45c6; color: #fff; }
.price-tag { font-size: 2rem; font-weight: 700; color: #635bff; }
</style>
</head>
<body>
<nav class="navbar navbar-dark bg-dark">
<div class="container">
<a class="navbar-brand fw-bold" href="#"><i class="fas fa-shopping-cart me-2"></i>Stripe PHP Payment Demo</a>
</div>
</nav>
<main class="container mt-5 mb-5">
<?php if (isset($_GET['error'])): ?>
<div class="alert alert-danger alert-dismissible fade show" role="alert">
<?= htmlspecialchars($_GET['error']) ?>
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
<?php endif; ?>
<div class="row justify-content-center">
<div class="col-md-6 col-lg-5">
<div class="card product-card">
<img src="https://via.placeholder.com/500x250?text=Premium+PHP+Course"
class="card-img-top" alt="Product Image">
<div class="card-body p-4">
<h3 class="card-title">Premium PHP Development Course</h3>
<p class="text-muted">Master PHP 8.3, MySQL, REST APIs, security best practices,
and build real-world projects. Lifetime access included.</p>
<div class="d-flex justify-content-between align-items-center mb-4">
<span class="price-tag">$49.99</span>
<span class="badge bg-success fs-6"><i class="fas fa-lock me-1"></i>Secure Payment</span>
</div>
<form action="create-checkout-session.php" method="POST">
<input type="hidden" name="product_name" value="Premium PHP Development Course">
<input type="hidden" name="amount" value="4999">
<input type="hidden" name="quantity" value="1">
<button type="submit" class="btn btn-stripe btn-lg w-100">
<i class="fas fa-credit-card me-2"></i>Pay Now with Stripe
</button>
</form>
<div class="text-center mt-3">
<small class="text-muted">
<i class="fas fa-shield-alt me-1"></i>Powered by Stripe | 256-bit SSL Encryption
</small>
</div>
</div>
</div>
</div>
</div>
</main>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
8 Create Stripe Checkout Session (create-checkout-session.php)
This file creates a Stripe Checkout Session and redirects the user to Stripe's hosted payment page. This is the most critical file in the integration.
<?php
require_once 'config.php';
// Only accept POST requests
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
header('Location: index.php');
exit;
}
// Sanitize and validate input
$productName = htmlspecialchars(trim($_POST['product_name'] ?? ''));
$amount = (int) ($_POST['amount'] ?? 0);
$quantity = (int) ($_POST['quantity'] ?? 1);
if (empty($productName) || $amount <= 0 || $quantity <= 0) {
header('Location: index.php?error=Invalid product data');
exit;
}
try {
// Create Stripe Checkout Session
$checkout_session = \Stripe\Checkout\Session::create([
'payment_method_types' => ['card'],
'line_items' => [[
'price_data' => [
'currency' => CURRENCY,
'product_data' => [
'name' => $productName,
'description' => 'Access to ' . $productName,
],
'unit_amount' => $amount, // Amount in cents
],
'quantity' => $quantity,
]],
'mode' => 'payment',
'success_url' => APP_URL . '/success.php?session_id={CHECKOUT_SESSION_ID}',
'cancel_url' => APP_URL . '/cancel.php',
'customer_creation' => 'always',
'metadata' => [
'product_name' => $productName,
'quantity' => $quantity,
],
]);
// Save initial payment record to database
$pdo = getDBConnection();
$stmt = $pdo->prepare("
INSERT INTO payments (stripe_session_id, product_name, quantity, amount, currency, payment_status)
VALUES (:session_id, :product_name, :quantity, :amount, :currency, 'pending')
");
$stmt->execute([
':session_id' => $checkout_session->id,
':product_name' => $productName,
':quantity' => $quantity,
':amount' => $amount / 100, // Convert cents to dollars for storage
':currency' => CURRENCY,
]);
// Redirect to Stripe Checkout
header('HTTP/1.1 303 See Other');
header('Location: ' . $checkout_session->url);
exit;
} catch (\Stripe\Exception\ApiErrorException $e) {
// Handle Stripe API errors
error_log('Stripe Error: ' . $e->getMessage());
header('Location: index.php?error=Payment initialization failed. Please try again.');
exit;
} catch (Exception $e) {
// Handle general errors
error_log('Error: ' . $e->getMessage());
header('Location: index.php?error=Something went wrong. Please try again.');
exit;
}
?>
- The unit_amount is in cents (e.g., $49.99 = 4999)
- {CHECKOUT_SESSION_ID} is a Stripe placeholder — it gets replaced automatically with the real session ID
- We save a "pending" record in our database before redirecting to Stripe
- The customer_creation parameter ensures Stripe creates a customer object for each payment
- All errors are caught and logged, with user-friendly error messages shown on the frontend
9 Create Success & Cancel Pages
success.php — Payment Success Page
After a successful payment, Stripe redirects the user here with the session ID. We retrieve the session details from Stripe and display a confirmation.
<?php
require_once 'config.php';
$sessionId = $_GET['session_id'] ?? null;
if (!$sessionId) {
header('Location: index.php');
exit;
}
try {
// Retrieve the Checkout Session from Stripe
$session = \Stripe\Checkout\Session::retrieve([
'id' => $sessionId,
'expand' => ['line_items', 'payment_intent'],
]);
$customerName = htmlspecialchars($session->customer_details->name ?? 'Customer');
$customerEmail = htmlspecialchars($session->customer_details->email ?? 'N/A');
$amountPaid = number_format($session->amount_total / 100, 2);
$currency = strtoupper($session->currency);
$paymentStatus = $session->payment_status;
$paymentIntent = $session->payment_intent->id ?? 'N/A';
} catch (Exception $e) {
error_log('Stripe Retrieve Error: ' . $e->getMessage());
$customerName = 'Customer';
$customerEmail = 'N/A';
$amountPaid = '0.00';
$currency = 'USD';
$paymentStatus = 'unknown';
$paymentIntent = 'N/A';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Payment Successful</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
<style>
body { background-color: #f8f9fa; }
.success-icon { font-size: 4rem; color: #28a745; }
.card { border-radius: 1rem; box-shadow: 0 4px 20px rgba(0,0,0,0.08); }
</style>
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card text-center p-5">
<div class="success-icon mb-3">
<i class="fas fa-check-circle"></i>
</div>
<h2 class="text-success mb-3">Payment Successful!</h2>
<p class="text-muted mb-4">Thank you for your purchase, <b><?= $customerName ?></b>!</p>
<div class="alert alert-light text-start">
<p><strong>Email:</strong> <?= $customerEmail ?></p>
<p><strong>Amount Paid:</strong> <?= $currency ?> $<?= $amountPaid ?></p>
<p><strong>Payment Status:</strong>
<span class="badge bg-success"><?= ucfirst($paymentStatus) ?></span>
</p>
<p class="mb-0"><strong>Transaction ID:</strong> <?= $paymentIntent ?></p>
</div>
<a href="index.php" class="btn btn-primary btn-lg mt-3">
<i class="fas fa-home me-2"></i>Back to Home
</a>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
cancel.php — Payment Cancelled Page
If the user cancels the payment on Stripe's checkout page, they are redirected here.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Payment Cancelled</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
<style>
body { background-color: #f8f9fa; }
.cancel-icon { font-size: 4rem; color: #dc3545; }
.card { border-radius: 1rem; box-shadow: 0 4px 20px rgba(0,0,0,0.08); }
</style>
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card text-center p-5">
<div class="cancel-icon mb-3">
<i class="fas fa-times-circle"></i>
</div>
<h2 class="text-danger mb-3">Payment Cancelled</h2>
<p class="text-muted mb-4">Your payment was not processed. No charges were made.</p>
<p class="text-muted">If this was a mistake, you can try again below.</p>
<a href="index.php" class="btn btn-primary btn-lg mt-3">
<i class="fas fa-redo me-2"></i>Try Again
</a>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
10 Handle Stripe Webhooks (webhook.php)
Webhooks are essential for reliable payment verification. Instead of relying on the success page redirect (which users can manipulate), Stripe sends server-to-server notifications about payment events. This is the most secure way to confirm payments.
Create webhook.php:
<?php
require_once 'config.php';
// Read the raw POST body from Stripe
$payload = file_get_contents('php://input');
$sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'] ?? '';
try {
// Verify the webhook signature to ensure it's from Stripe
$event = \Stripe\Webhook::constructEvent(
$payload,
$sig_header,
STRIPE_WEBHOOK_SECRET
);
} catch (\UnexpectedValueException $e) {
// Invalid payload
error_log('Webhook Error (Invalid Payload): ' . $e->getMessage());
http_response_code(400);
echo json_encode(['error' => 'Invalid payload']);
exit;
} catch (\Stripe\Exception\SignatureVerificationException $e) {
// Invalid signature
error_log('Webhook Error (Invalid Signature): ' . $e->getMessage());
http_response_code(400);
echo json_encode(['error' => 'Invalid signature']);
exit;
}
// Handle the event
switch ($event->type) {
case 'checkout.session.completed':
$session = $event->data->object;
// Update payment record in database
$pdo = getDBConnection();
$stmt = $pdo->prepare("
UPDATE payments
SET payment_status = 'completed',
stripe_payment_intent_id = :payment_intent,
customer_name = :name,
customer_email = :email
WHERE stripe_session_id = :session_id
");
$stmt->execute([
':payment_intent' => $session->payment_intent,
':name' => $session->customer_details->name ?? null,
':email' => $session->customer_details->email ?? null,
':session_id' => $session->id,
]);
error_log('Payment completed for session: ' . $session->id);
break;
case 'checkout.session.expired':
$session = $event->data->object;
$pdo = getDBConnection();
$stmt = $pdo->prepare("
UPDATE payments SET payment_status = 'expired'
WHERE stripe_session_id = :session_id
");
$stmt->execute([':session_id' => $session->id]);
error_log('Session expired: ' . $session->id);
break;
case 'payment_intent.payment_failed':
$paymentIntent = $event->data->object;
$pdo = getDBConnection();
$stmt = $pdo->prepare("
UPDATE payments SET payment_status = 'failed'
WHERE stripe_payment_intent_id = :payment_intent
");
$stmt->execute([':payment_intent' => $paymentIntent->id]);
error_log('Payment failed for intent: ' . $paymentIntent->id);
break;
default:
error_log('Unhandled event type: ' . $event->type);
}
// Return 200 OK to acknowledge receipt
http_response_code(200);
echo json_encode(['status' => 'success']);
?>
- Go to Developers → Webhooks in your Stripe Dashboard
- Click "Add endpoint"
- Enter your webhook URL: https://yourdomain.com/stripe-php-payment/webhook.php
- Select events: checkout.session.completed, checkout.session.expired, payment_intent.payment_failed
- Copy the Webhook Signing Secret (starts with whsec_) and paste it in your config.php
For local testing, use the Stripe CLI to forward webhook events:
stripe listen --forward-to localhost/stripe-php-payment/webhook.php
11 Folder Structure
12 Run and Test
Start your local PHP server if you're not using XAMPP/WAMP:
php -S localhost:8000
1. Open your browser and go to:
http://localhost:8000/index.php (or http://localhost/stripe-php-payment/ if using XAMPP)
2. Click "Pay Now with Stripe"
→ You should be redirected to Stripe's hosted checkout page
3. Use Stripe test card numbers
- Successful payment: 4242 4242 4242 4242
- Requires authentication: 4000 0025 0000 3155
- Declined card: 4000 0000 0000 0002
- Expiry: Any future date (e.g., 12/34)
- CVC: Any 3 digits (e.g., 123)
- ZIP: Any 5 digits (e.g., 10001)
4. Test successful payment flow
- Enter test card 4242 4242 4242 4242
- Complete payment → Redirected to success.php
- Check your database → Payment status should be "completed"
5. Test cancel flow
- Click the back arrow on Stripe's checkout page
- → Redirected to cancel.php
6. Test webhook (using Stripe CLI)
- Install Stripe CLI: https://stripe.com/docs/stripe-cli
- Run: stripe listen --forward-to localhost/stripe-php-payment/webhook.php
- Make a test payment → Check logs for webhook confirmation
7. Verify in Stripe Dashboard
- Go to Payments in your Stripe Dashboard
- You should see the test payment listed with all details
13 Conclusion : Secure Payment Processing with Stripe and PHP
Congratulations! You've now built a complete, production-ready Stripe Payment Gateway integration in plain PHP — without any framework dependency.
By following this tutorial you get:
- A secure checkout flow using Stripe's hosted payment page (PCI compliant)
- Server-side payment creation with the official Stripe PHP SDK
- MySQL database storage for all payment records
- Webhook handling for reliable, server-to-server payment verification
- Proper error handling and input validation
- Clean, maintainable code structure ready for production
Next Steps to Enhance Your Integration:
- Add subscription payments using Stripe Billing
- Implement refund handling via the Stripe API
- Add email receipts using PHPMailer or Stripe's built-in receipts
- Create an admin dashboard to view and manage all payments
- Enable additional payment methods like Apple Pay, Google Pay, or bank transfers
- Switch to live API keys and deploy to production with HTTPS
Stripe Checkout is the fastest and most secure way to accept payments in PHP. It handles the complex parts — card validation, 3D Secure, fraud detection — so you can focus on building your application.
Written by Revathi M
PHP Developer & Technical Writer · 10+ years building web applications with CodeIgniter and Laravel
Revathi specializes in PHP backend development, authentication systems, and REST API design. She writes practical, production-tested tutorials at Get Sample Code to help developers build secure applications faster.
Frequently Asked Questions
Stripe has no setup fees, monthly fees, or hidden costs. You only pay per successful transaction — typically 2.9% + $0.30 per card charge in the US. The PHP SDK and API access are completely free.
For local development and testing, HTTP is fine. However, for production, Stripe requires your website to use HTTPS (SSL certificate) to ensure secure data transmission. Most modern hosting providers offer free SSL via Let's Encrypt.
Stripe Checkout is a pre-built, hosted payment page provided by Stripe — it handles all the UI and PCI compliance for you. Stripe Elements are customizable UI components you embed directly in your site for more design control, but require more development effort. This tutorial uses Stripe Checkout for maximum security and simplicity.
Replace your test API keys (pk_test_ and sk_test_) with live API keys (pk_live_ and sk_live_) from your Stripe Dashboard under Developers → API Keys. Also update your webhook endpoint and signing secret for live mode. Make sure your site uses HTTPS before going live.
The success page redirect can be unreliable — users may close the browser before reaching it, or someone could manually visit the success URL. Webhooks are server-to-server notifications sent directly from Stripe, making them the most reliable way to confirm that a payment was actually completed. Always use webhooks to update your database.
Yes! Stripe supports over 135 currencies. Simply change the CURRENCY constant in config.php to your desired currency code (e.g., 'eur', 'gbp', 'inr'). Make sure the amount is in the smallest currency unit (e.g., cents for USD, pence for GBP, paisa for INR).