unless you are a payment gateway or a bank don't touch credit card numbers.
there are plenty of threads in the archive of this list that give good reasons
not to, e.g. being sued out of existence.

get a payment provider and let them handle the transaction automatically.
the site admin could be given a system whereby he/she can fire off email to
customers that gives them a url to (and instructs them to) complete a
payment at your chosen payment provider if a manual check needs to occur
before a payment is initiated.

storing CC numbers on your machine is rather like walking around carrying
hot coals ... sooner or later you will be burned.

[EMAIL PROTECTED] wrote:
> Hi All,
>
> I've got quite a bit of PHP experience, but I've never had to deal with
> credit card info before. Now for a property rental site, I'm adding a way
> for users to be able to fill out a form which also has some credit card
> info in it.
>
> After they submit the form, there are a couple more steps, and to pass
> credit card info to the last page, I'm storing all the info in my session.
> Now, I did go and buy an SSL certificate, so the booking section of the
> site is on SSL (https). I'm just wondering if this is secure enough. As far
> as I know, SSL means connection to server is secured, so session variables
> should be secured too. No?
>
> Also, after I get credit card info, I'm storing it in a MySQL table until
> an admin logs in to the site, sees new reservations, charges them manually
> and contacts the customer, and then that entry will be removed from my
> database forever. Is this OK? Or is it a really bad idea? Originally the
> plan was to send an email to the admin with credit card info, but then I
> realized that emails are very insecure, so I decided to keep the info on
> the SSL section of the site.
>
> Just because I'm dealing with credit cards, I'm so afraid of doing anything
> now. Any suggestions? Or perhaps any links to how to make it all more
> secure?
>
> Thanks a lot in advance,
> Siavash
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
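
An added example, not part of the original thread, of the flow the reply describes: the site keeps the reservation without any card data, and once the admin has done the manual check it emails the customer a signed, expiring link that hands them off to the payment provider's hosted page. The secret, the `rentals.example.test` and `pay.example.test` URLs, the query parameter names and both function names are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; no card number ever reaches this server.
const LINK_SECRET = 'replace-with-random-bytes-from-config'; // assumption: loaded from config
const LINK_TTL    = 172800;                                   // link lifetime: 48 hours

// Run when the admin approves a reservation; returns the URL to email to the customer.
function make_payment_link(int $reservationId, int $amountCents, int $now): string
{
    $expires = $now + LINK_TTL;
    // Sign reservation, amount and expiry together so none can be changed alone.
    $sig = hash_hmac('sha256', "$reservationId.$amountCents.$expires", LINK_SECRET);
    return 'https://rentals.example.test/pay.php?' . http_build_query([
        'r' => $reservationId, 'a' => $amountCents, 'e' => $expires, 's' => $sig,
    ]);
}

// Run by pay.php; returns the provider URL to redirect to, or null when the
// link is malformed, has been tampered with, or has expired.
function resolve_payment_link(array $query, int $now): ?string
{
    foreach (['r', 'a', 'e', 's'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return null;
        }
    }
    if (!ctype_digit($query['r']) || !ctype_digit($query['a']) || !ctype_digit($query['e'])) {
        return null;
    }
    $expected = hash_hmac('sha256', "{$query['r']}.{$query['a']}.{$query['e']}", LINK_SECRET);
    if (!hash_equals($expected, $query['s'])) {   // constant-time comparison
        return null;
    }
    if ((int) $query['e'] < $now) {
        return null;
    }
    // Placeholder for the provider's hosted payment page; a real provider
    // documents its own endpoint and parameters.
    return 'https://pay.example.test/checkout?' . http_build_query([
        'reference' => $query['r'], 'amount' => $query['a'],
    ]);
}

// Constructed demo values.
$now  = 1700000000;
$link = make_payment_link(42, 125000, $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(resolve_payment_link($q, $now + 3600));              // link as issued
$q['a'] = '100';
var_dump(resolve_payment_link($q, $now + 3600));              // amount altered by the recipient
var_dump(resolve_payment_link(['r' => '42'], $now));          // incomplete link
```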