What you need to do is get a merchant account and use a service like
authorize.net or something similar to charge credit cards. You send the
data over SSL to their servers which charge the account and credit your
account and you receive a response back. You don't store the credit card
number anywhere and you don't jeopardize your customers accounts. 

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/

> -----Original Message-----
> From: Joshua Minnie [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, December 15, 2002 1:46 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] OpenSSL, PHP and MySQL
> 
> The MySQL db is on the same machine as the website.  It has the
following
> set up on it:
> ------------------------------------------------------
> Server Information:
>  + PHP v. 4.2.3
>  + Apache 1.3.26
>  + MySQL 3.23.53
>  + SSL
> ------------------------------------------------------
> Because I don't know much about SSL what would be the best way to get
the
> client the CC information, since you don't recommend storing it in a
db?
> So
> I know which way to pursue more research on this topic.  Thanks for
the
> help
> and direction so far.
> 
> -Josh
> 
> 
> "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > > My client has a website in which a customer will be purchasing
gift
> > > certificates online.  They don't need a comprehensive e-commerce
> > package,
> > > just simple information passed across a secure connection, such
as:
> > user
> > > names, passwords, credit cards and mailing addresses.  We already
have
> > a
> > > MySQL db set up with the gift certificate "package" information.
I
> > just
> > > need to be able to store the customer information for retrieval
later
> > by
> > > the
> > > owners of the site.
> >
> > So is the MySQL database on a different machine? If it is, and
you're
> > talking about sending data securely to it, then using MySQL4/PHP4.3
or
> > an SSH tunnel like Marco said are your options. If it's on the same
> > machine, then you don't have to worry about this. Or are you talking
> > about storing it securely, i.e. encrypting it within the database?
> >
> > Don't take this the wrong way, but unless you really, really know
what
> > you're doing, please don't store credit card numbers anywhere in
your
> > system.
> >
> > ---John W. Holmes...
> >
> > PHP Architect - A monthly magazine for PHP Professionals. Get your
copy
> > today. http://www.phparch.com/
> 
> 
> 
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php




-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to