For now, as already said, go with PayPal or similar. Do not store the CC#s in your DB or anywhere at all, for any length of time. Not in the SESSION either. Get it and send it to PayPal and wipe it out with http://php.net/unset all in one single HTTP request. For long-term, to learn more, start reading here: http://phpsec.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php