Hi All, I've got quite a bit or php experience, but I've never had to deal with credit card info before. Now for a property rental site, I'm adding a way for users to be able to fill out a form which also has some credit card info in it. After they submit the form, there are a couple of more steps and to pass credit card info to the last page, I'm storing all the info in my session. Now, I did go and bought an SSL certificate, so the booking section of the site is on SSL (https). I'm just wondering if this is secure enough. as far as I know, SSL means connection to server is secured, so session variables should be secured too. no? Also after I get credit card info, I'm storing them in a mysql table until an admin would log in to the site, see new reservations, charge them manually and contact the customer, and then that entry will be removed from my database for ever. Is this ok? or is it a really bad idea? originally the plan was to send an email to the admin with credit card info, but then I realized that emails are very unsecure. so I decided to keep the info on the SSL section of the site. just because I'm dealing with credit cards, I'm so afraid of doing anything now. Any suggestions? or perhaps any links to how to make it all more secure? Thanks a lot in advance, Siavash -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
