PHP has some encryption mechanisms in it - but by that time you've 
sent the data to the server.  The other respondents are correct 
though - you should be using an SSL connection to encrypt the data 
between the user and your server.

On a site that I do I use SSL to keep the data secure between the 
user and the server - but the server is in another state.  So I have 
the server encrypt the data (using PGP) and send it on to my computer 
- where I decrypt it.

If you cannot manage an SSL connection for whatever reason then 
having the information encrypted locally might work in theory (though 
Vigenere isn't as uncrackable as the writer of that article thinks - 
nor do they know how to spell the name - it wouldn't be worth the 
effort to steal one cc number).   HOWEVER - the 'key phrase' that 
will encrypt the user data is the SAME one that you would use to 
decrypt it - and it would have to be right there on the page unless 
each customer were to pick their own key phrase and phone you with 
it!  This "two-way" encryption used to be the standard - but it 
requires that the sender and the recipient have the same key.

Public key encryption ('one-way') like PGP allows two separate keys 
for encryption and decryption, neither of which can be derived from 
the other.  The encryption key is made public, but the decryption key 
is kept secret.


>I use a PHP self-validating form for taking orders off my site. (on submit
>it calls itself and if there are no errors a send variable is set and it
>emails me the information, etc - standard stuff).
>I'd like to start taking CC orders and would like to encode the information
>using javascript
>  I'll
>use a hidden value as a codephrase to encode the CC number, then when I
>receive the order I can go to a secure page on the site to decrypt it.
>The question is - how do I call a javascript function from my PHP code?  I
>want to do the encoding just before I email the form variables.  ie -
>if ($send == "yes"){
>       do javascript encoding of cc number
>       $mail (information to me)
>       echo ("Your Order has been sent")
>       }
>Thanks for any help,
>PHP General Mailing List (
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]


Nelson Goforth                 Lighting for Moving Pictures
phone: 01.303.322.5042               pager: 01.303.634.9733

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to