How to securely pass credit card information between pages in PHP

php security e-commerce credit-card
Alex picture Alex · Mar 28, 2010 · Viewed 8k times · Source

How do you securely pass credit card information between pages in PHP? I am building an ecommerce application and I would like to have the users to go through the checkout like this:

Enter Information -> Review -> Finalize Order

Problem is that I am not sure on how to safely pass credit information from when the user inputs them to when I process it (at the Finalize Order step). I heard using sessions is insecure, even with encryption.

Any help would be appreciated!

Answer

Rimian picture Rimian · Mar 28, 2010

I wouldn't store it anywhere. It's too much of a risk and probably not ethical.

Send a request to the payment gateway by posting a form over https and store the result of the transaction only.

You probably only care if the transaction was approved or declined. Who cares what the number is?

Related questions

How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's …

Read More
How can I sanitize user input with PHP?

Is there a catchall function somewhere that works well for sanitizing user input for SQL injection and XSS attacks, while still allowing certain types of HTML tags?

Read More
How do you Encrypt and Decrypt a PHP String?

What I mean is: Original String + Salt or Key --> Encrypted String Encrypted String + Salt or Key --> Decrypted (Original String) Maybe something like: "hello world!" + "ABCD1234" --> Encrypt --> "2a2ffa8f13220befbe30819047e23b2…

Read More