Usually paying should be the last step, so you might probably want to review
your workflow.

Anyways, if you're storing the credit card in the database, then why are you
also storing it in the session? You can just query the database for the credit
card based on the session id (so you should also store the session id in that
table).

Since you're storing the credit card in the database, then you should encrypt
the credit card (there are plenty of encryption/decryption algorithms on the
internet for PHP).

Other than that, I think everything is fine, and your system should work
smoothly.

--
itoctopus - http://www.itoctopus.com

<siavash1979@xxxxxxxxx> wrote in message
news:1176056778.461933ca199b3@xxxxxxxxxxxxxxxxxxxx
>
> Hi All,
>
> I've got quite a bit of PHP experience, but I've never had to deal with credit
> card info before. Now for a property rental site, I'm adding a way for users to
> be able to fill out a form which also has some credit card info in it.
>
> After they submit the form, there are a couple more steps, and to pass credit
> card info to the last page, I'm storing all the info in my session. Now, I did
> go and buy an SSL certificate, so the booking section of the site is on SSL
> (https). I'm just wondering if this is secure enough. As far as I know, SSL
> means connection to server is secured, so session variables should be secured
> too. No?
>
> Also after I get credit card info, I'm storing them in a mysql table until an
> admin would log in to the site, see new reservations, charge them manually and
> contact the customer, and then that entry will be removed from my database
> forever. Is this ok? Or is it a really bad idea? Originally the plan was to send
> an email to the admin with credit card info, but then I realized that emails
> are very unsecure. So I decided to keep the info on the SSL section of the site.
>
> Just because I'm dealing with credit cards, I'm so afraid of doing anything
> now. Any suggestions?
> Or perhaps any links to how to make it all more secure?
>
> Thanks a lot in advance,
> Siavash

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
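
The reply's advice, to encrypt the card number before it is written to the database and to look the row up by session id, could look like this in PHP. This is an added example, not code from either poster; it assumes PHP 7.2+ with the bundled sodium extension, and the function names, session id and test card number are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP 7.2+ with ext/sodium.
// Function names and sample values below are hypothetical/constructed.

const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
const TAG_LEN   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES;

// Encrypt the card number. The session id is bound as associated data,
// so a ciphertext copied into another row will not decrypt there.
function encrypt_card(string $pan, string $key, string $sessionId): string
{
    $nonce = random_bytes(NONCE_LEN); // fresh random nonce for every record
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($pan, $sessionId, $nonce, $key);
    return base64_encode($nonce . $ct); // value to store in the table column
}

// Returns the card number, or null if the stored value was altered,
// truncated, or belongs to a different session id.
function decrypt_card(string $blob, string $key, string $sessionId): ?string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        return null;
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, NONCE_LEN), $sessionId, substr($raw, 0, NONCE_LEN), $key
    );
    return $pt === false ? null : $pt;
}

// Demo with constructed values. Assumption: the real key is loaded from
// outside the database (environment or key file), never stored beside the data.
$key       = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$sessionId = 'constructed-session-id-123';
$stored    = encrypt_card('4111111111111111', $key, $sessionId); // test number

// Same session id: the original number comes back.
var_dump(decrypt_card($stored, $key, $sessionId) === '4111111111111111');
// Different session id: authentication fails.
var_dump(decrypt_card($stored, $key, 'other-session-id'));
// One flipped bit in the stored value: authentication fails.
$raw = base64_decode($stored);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
var_dump(decrypt_card(base64_encode($raw), $key, $sessionId));
```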