Right, I have a shopping cart all finished and set up, and need a way to process the credit card details and store them securely for later access. The site has an SSL certificate. So say I set up the HTML code like: <form action="process.php" method="post"> <fieldset> <input type="text" name="ccnumber"/> <input type="submit" /> </fieldset> </form> Code (markup): I want to add the credit card details - to the existing database preferably - securely, but still able to access for later. Cheers, BP
OSCommerce gets around this by storing the first and last digit sets and allowing the middle set to be sent to an email address. Storing the complete cc number is against the payment gateways/CCs TOS. And I wouldn't want the liability of storing the CC #s anyway.
you can save the numbers to a file like this if(isset($_POST["ccnumber")) { $cc = $_POST["ccnumber"]; $fp = fopen("db/order-".time().".txt", "x"); fwrite($fp, $cc); fclose($fp); } PHP: that would be the most secure way. cheers
PLEASE PLEASE PLEASE don store CC number in a text file.. It's not secure.. it's not even trying to be secure.. in fact don't store CC at all.. let your payment processor do that kind of stuff
You'd surely want them in an encrypted file, sitting on another machine which has no real Internet access. Isn't that default, to have an "offline" machine do the storing??