DO NOT STORE CREDIT CARD NUMBERS!!! Period!!! If your PHP script can access them, then they are too accessible to the Bad Guys. Ditto
Even if nothing else, someone could modify your code to email them the CC Numbers. It's better if, when it comes to time to checkout, you redirect your client to your Payment Service Providers (PSP's) website, your PSP processes the payment, and redirects the client back to your site. The PSP would then contact you directly to confirm the payment. That way there is no CC info on your server for you to protect. .... Unless you are a computer security professional and _REALLY_ know what you're doing.
