1. $25.00 / mth is trivial for the security and speed a database provides 
(And you can do development work on your own machine, start paying only 
when you move it to production.)
2. Your database can be, and probably will be in a web hosting environment, 
protected with a username and password.
3. MySQL, I believe, has a proprietary encryption scheme you can use for 
credit card numbers
3a Given that, you can double encrypt if you wish, using both your own and 
MySQL's mechanism.
4. MySQL gives you good granularity in terms of permissions; who can 
enter/retrieve information.
5. Flat files are much slower to access, as every search for data requires 
a sequential read.
6. Give serious consideration to using 3rd party payment agencies; then you 
don't have  the responsibility and liability of storing the cc number. You 
get $$ faster, too.
7. Have you looked at the various shopping cart script/packages implemented 
in PHP?
8. Does your ISP provide SSL so that cc info isn't transmitted in the clear?
9. Some people split the credit card number between two tables as well.
10. Databases are relational, your application doesn't have to know how the 
storage of data is structured. This isn't the case with flat files.

Well, a bunch of thoughts. I'd be very partial to using a database.

Regards - Miles Thompson

At 03:38 PM 8/13/01 -0500, Christopher Raymond wrote:
>PHP Fellows:
>Thanks for taking the time to look at this.
>I'm new to PHP and to e-commerce. Needless to say, I've done a lot of
>studying over the last few weeks and I'm ready to dive in head first!
>I'll be building an e-commerce site and I'll be using PHP. I'd like
>customers to have the option of saving their information so that they don't
>have to enter it each time they purchase -- much like does or like
>'s One-Click feature.
>This means that the customer will be storing information like one or more
>credit cards, shipping addresses, billing addresses, etc.
>I'm planing on storing all information in flat files so that I don't have
>the additional expense of using MySQL (My ISP is charging 24.95/month extra
>for MySQL service).
>So the question is: How can I store each customer's information safely? Can
>I use .htaccess and .htpasswd to help me out? Or don't they even apply?
>My intention is to store the user's password encoded with md5 or something
>and also to develop my own cipher for disguising the credit card numbers as
>Any suggestions?
>Christopher Raymond

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to