Menu
On step 3 I have a form which accepts a credit card, Step 4 re-prints the information including the last 4 digits of the credit card, and Step 5 I need to know the full CC # to process it and send it through my https connection to a 3rd party vendor - should I store it through hidden inputs or $_SESSION so I can access it in between the 3rd and 5th step?
FYI: My entire site is already https'd.
823
Take the credit card number as the last step so you don't have to store it. There are many legal issues around storing that information.
122
SSL won't protect data stored on disk. Additionally, PHP session data is stored by default in the file system under a temp directory with minimal permissions. So not only is the data stored in plain-text but also can be accessed by many different system users (depending on your web server configuration).
If you want to implement a multi-step checkout process I'd suggest doing some AJAX/Javascript magic on the browser side. You can collect the billing information using a series of DIVs that are hidden/collapsed and post the complete data set in one go, sending the CC data one-time to your server, which then relays the CC data to your payment processor.
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
