credit card processing

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.


ryan656
Forum Newbie
Posts: 1
Joined: Sat Sep 08, 2007 4:44 am

Post by ryan656 »

Why do you need to confirm after you collect the credit card information? Just confirm the total price, product details and any shipping info before you ask for their credit card. POST the purchase details to a second form to ask for the card and then cURL the order to the payment gateway.
ryand
Forum Newbie
Posts: 1
Joined: Sat Jan 05, 2008 2:12 am

credit card processing

Post by ryand »

Why isn't your merchant handling all this for you? For my credit card processing, my merchant takes care of that.
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Post by Kieran Huggins »

Check out the PayPal API - it's quite convenient.
s.jenkins
Forum Newbie
Posts: 2
Joined: Tue Feb 05, 2008 10:42 pm

Re: credit card processing

Post by s.jenkins »

Hi, I’m new to this forum. I’ve been trying to find the best credit card offers and reviews? I’ve been checking out Finance Globe for some tips.

Anyone have any good or bad experiences? What's the best deal for rewards?
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re:

Post by Christopher »

bluesman333 wrote: Let's say I want to have a page where I collect the credit card number. After collecting the number I want to allow the user to confirm the details before submitting the transaction to the payment gateway. What do I do with the credit card number while the user is on the confirmation page?
You can treat the credit card number like any form value -- except that you must guarantee that the form is submitted using SSL and the HTTPS protocol. So just put the credit card number in a hidden field on the confirmation page. If you want values to carry forward through a series of forms you either need to store them in the session or put them in hidden form fields.

As a security note, if you are going to store credit card numbers in the session make sure you know where the session data is stored. On some shared hosts it may be in the /tmp directory accessible to anyone.

Finally, I would recommend that you do not store credit card numbers permanently anywhere on your systems. Use them to verify the transaction and then clear them.
(#10850)
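
The session-storage check and the "use, then clear" advice from the post above, as an added example that is not part of the original thread. The function names and the `pending_card` session key are hypothetical, and the code assumes `session_start()` has already been called on a page served over HTTPS.

```php
<?php
// Added example; function names and the 'pending_card' key are hypothetical.

/** Report where file-based session data lives and whether other local users can reach it. */
function session_storage_report(): array
{
    $handler = ini_get('session.save_handler');
    $path = (string) session_save_path();
    // save_path may be written as "N;MODE;/path"; the directory is the last part.
    if (strpos($path, ';') !== false) {
        $path = substr($path, strrpos($path, ';') + 1);
    }
    if ($path === '') {
        $path = sys_get_temp_dir(); // empty save_path: the files handler uses the system temp dir
    }
    $perms = ($handler === 'files' && is_dir($path)) ? fileperms($path) : false;
    return [
        'handler' => $handler,
        'path' => $path,
        // Any "other" permission bit set means a shared directory such as /tmp.
        'world_accessible' => $perms !== false && ($perms & 0007) !== 0,
    ];
}

/** Keep the card number in the session only for the confirmation step. */
function hold_card_for_confirmation(string $pan): void
{
    $report = session_storage_report();
    if ($report['world_accessible']) {
        throw new RuntimeException(
            "Session directory {$report['path']} is shared; do not store card data there"
        );
    }
    $_SESSION['pending_card'] = $pan;
}

/** Remove the card number from the session as it is handed to the gateway call. */
function take_card(): ?string
{
    $pan = $_SESSION['pending_card'] ?? null;
    unset($_SESSION['pending_card']);
    return $pan;
}
```

Call `take_card()` exactly once, immediately before sending the transaction to the payment gateway, so the number does not remain in session storage whether the charge succeeds or fails.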