Obscure credit card number in update form

Posted on 2006-04-01
Last Modified: 2008-02-01
I need a better method to allow a user to update his CC number in an update form. I can replace all but the last 4 digits with x's for display purposes, but I'm looking for a solid method of updating the number properly.
Question by:webdork
    LVL 12

    Expert Comment

    You're not really explaining your problem here but I assume you dont want the number to get sniffed by anyone else?

    Then you really should use SSL encryption I believe. By purchasing a certificate from example verisign or thawte all traffic will be encrypted between the web browser and web server.

    I can recommend Thawte since they have reasonable prices and still a very good service:

    Author Comment

    Thanks for responding.

    I've got a certificate, and am displaying the info under SSL. When a client goes to the update page I don't want to display the entire CC# in the CCNum field. I'll transform the actual CC num from the recordset and just display xxxxxxxxxxxx1234. If they choose to update their CCNum, fine I'll capture the new number into the DB. But when they update their some other part of their record I dont want the obscured string punched into the recordset.
    LVL 1

    Assisted Solution

    The simplest way would be to check the entries before updating the recordset. If the CCnumber starts with XXXX, don't process the CCNum update. It would be great if you can give us more details on what platform you are using (.NET/php) and some detail on the way you have structured your page. That way we can provide more concise and to the point answers.
    LVL 5

    Expert Comment

    Make two separate text fields. One will contain the obscured number and will be disabled or readonly. The other one will be empty and will contain the new number.

    Author Comment

    Im using asp and SLQ server
    LVL 8

    Accepted Solution

    If the number is already stored in the database, it's just a matter of checking the field before the update.  Since you already know how to replace everything but the last four digits with an x, then I'll leave that alone.  Just check to see if an X exists in the posted value, and if it does, use the existing value from your database instead.  Something like:

    if instr(request.form("ccfield"), "x") <> 0 then ccvalue = rs.fields.item("existingccvalue").value
    ccvalue = request.form("ccfield")
    end if

    Then pass ccvalue to your update.  This is essentially what nitinsy was suggesting.

    Author Comment

    That works for me...

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit ( and similar technologies have enjoyed wide adoption, making it possib…
    Accessibility and Usability are two concepts that seem to be closely related.  But, too many people seem to have a distorted perception of them. During last five years, those two words have come to the day-to-day work of almost every web develope…
    This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now