What you need to do is get a merchant account and use a service like authorize.net or something similar to charge credit cards. You send the data over SSL to their servers which charge the account and credit your account and you receive a response back. You don't store the credit card number anywhere and you don't jeopardize your customers accounts.
---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ > -----Original Message----- > From: Joshua Minnie [mailto:[EMAIL PROTECTED]] > Sent: Sunday, December 15, 2002 1:46 PM > To: [EMAIL PROTECTED] > Subject: Re: [PHP-DB] OpenSSL, PHP and MySQL > > The MySQL db is on the same machine as the website. It has the following > set up on it: > ------------------------------------------------------ > Server Information: > + PHP v. 4.2.3 > + Apache 1.3.26 > + MySQL 3.23.53 > + SSL > ------------------------------------------------------ > Because I don't know much about SSL what would be the best way to get the > client the CC information, since you don't recommend storing it in a db? > So > I know which way to pursue more research on this topic. Thanks for the > help > and direction so far. > > -Josh > > > "John W. Holmes" <[EMAIL PROTECTED]> wrote: > > > My client has a website in which a customer will be purchasing gift > > > certificates online. They don't need a comprehensive e-commerce > > package, > > > just simple information passed across a secure connection, such as: > > user > > > names, passwords, credit cards and mailing addresses. We already have > > a > > > MySQL db set up with the gift certificate "package" information. I > > just > > > need to be able to store the customer information for retrieval later > > by > > > the > > > owners of the site. > > > > So is the MySQL database on a different machine? If it is, and you're > > talking about sending data securely to it, then using MySQL4/PHP4.3 or > > an SSH tunnel like Marco said are your options. If it's on the same > > machine, then you don't have to worry about this. Or are you talking > > about storing it securely, i.e. encrypting it within the database? > > > > Don't take this the wrong way, but unless you really, really know what > > you're doing, please don't store credit card numbers anywhere in your > > system. > > > > ---John W. Holmes... > > > > PHP Architect - A monthly magazine for PHP Professionals. Get your copy > > today. http://www.phparch.com/ > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
