Credit card processing using php form

I am considering integrating credit card processing into a form. Basically what happens:

  • The client will log in to an SSL-protected website.

  • They enter their information into the form and select different options from the drop-down list; jQuery then updates the price of their quote "on the fly" when they select different options.

  • As soon as the customer is satisfied with the price of their quote, they click the submit button, after which it sends the information to the payment page.

  • The customer enters their credit card number, then it goes to the credit card processor, presumably using a credit card processor script, along with the price to be debited from the account (not sure about this part).

  • The credit card processor then returns true or false.

  • If false returns echo "transaction failed", enter the customer data in the database and display a message about successful completion.

What I am interested in is whether this is the right procedure to follow, since the person with whom I was doing this talked about saving credit card information to the database or sending it by e-mail to CSV, which set off alarm bells, so I told them that those are not safe options and that processing should be done by a card processing company.

I just want to clarify that the above process is correct before I propose an alternative plan for their extremely unreliable.

+4
2 answers

The easiest way to handle this is to register with a payment gateway. They'll have instructions on how to communicate securely with the server. Then the money is sent to the online trading account.

You will probably need a Secure Sockets Layer certificate for your site in order to have a secure connection to the payment gateway server.

SagePay UK and Ireland payment gateway example.

+1
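The flow from the question, routed through a payment gateway as the answer above suggests, shown as an added example that is not part of the original posts. The price table, the `$charge` gateway callable, the `$saveOrder` callable and all sample values are hypothetical stand-ins; a real gateway's client library defines its own calls.

```php
<?php
declare(strict_types=1);

// Hypothetical price list (pence). The server recomputes the quote from the
// submitted option names; the total jQuery showed in the browser is ignored.
const OPTION_PRICES = ['basic' => 5000, 'callout' => 2500, 'warranty' => 1500];

function quoteTotal(array $options): int
{
    $total = 0;
    foreach ($options as $option) {
        if (!is_string($option) || !array_key_exists($option, OPTION_PRICES)) {
            throw new InvalidArgumentException('Unknown quote option');
        }
        $total += OPTION_PRICES[$option];
    }
    return $total;
}

// $charge stands in for the gateway's client library (hypothetical signature):
//   fn(int $amount, array $card): array ['approved' => bool, 'reference' => string]
// $saveOrder stands in for the database insert: fn(array $row): void
function processPayment(array $post, callable $charge, callable $saveOrder): string
{
    $amount = quoteTotal((array) ($post['options'] ?? []));
    $pan = (string) preg_replace('/\D/', '', (string) ($post['card_number'] ?? ''));
    if ($amount <= 0 || strlen($pan) < 12 || strlen($pan) > 19) {
        return 'transaction failed';
    }
    $result = $charge($amount, ['number' => $pan, 'expiry' => (string) ($post['expiry'] ?? '')]);
    if (empty($result['approved'])) {
        return 'transaction failed';
    }
    // Persist customer and order data plus the gateway's reference only;
    // the full card number is never written to the database, e-mail or logs.
    $saveOrder([
        'customer'   => (string) ($post['name'] ?? ''),
        'amount'     => $amount,
        'reference'  => (string) ($result['reference'] ?? ''),
        'card_last4' => substr($pan, -4),
    ]);
    return 'payment complete';
}

// Constructed demo: a fake gateway that approves, and an in-memory "database".
$rows = [];
$fakeGateway = fn(int $amount, array $card): array => ['approved' => true, 'reference' => 'DEMO-REF-1'];
$post = ['name' => 'A. Customer', 'options' => ['basic', 'warranty'], 'card_number' => '4111 1111 1111 1111',
         'expiry' => '12/30', 'price' => '1']; // 'price' is client-supplied and unused
echo processPayment($post, $fakeGateway, function (array $row) use (&$rows): void { $rows[] = $row; }), "\n";
print_r($rows);
```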

Firstly, it is not "unsafe" to store such data in the database. If you have returning customers and want to offer them a service so as not to re-enter the information ALL THE TIME, using a database is an idea. To make this idea safe, you will need policies for administering the database, access to the server, and proper data protection (e.g. hashing, encryption, etc.).

As for your script, if you send data via POST to a PHP script, the PHP script will certainly have to talk to the database (whether it is your local one or a connection made for a credit card script).

In order to answer your question, you need to know EXACTLY what the script requires before judging what you need to do locally. If the script just accepts the input and returns a value, then you will need to integrate it into your WebApp.

More if any?

-3

Source: https://habr.com/ru/post/1392068/

