Obscure credit card number in update form

I need a better method to allow a user to update his CC number in an update form. I can replace all but the last 4 digits with x's for display purposes, but I'm looking for a solid method of updating the number properly.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You're not really explaining your problem here but I assume you dont want the number to get sniffed by anyone else?

Then you really should use SSL encryption I believe. By purchasing a certificate from example verisign or thawte all traffic will be encrypted between the web browser and web server.

I can recommend Thawte since they have reasonable prices and still a very good service:

webdorkAuthor Commented:
Thanks for responding.

I've got a certificate, and am displaying the info under SSL. When a client goes to the update page I don't want to display the entire CC# in the CCNum field. I'll transform the actual CC num from the recordset and just display xxxxxxxxxxxx1234. If they choose to update their CCNum, fine I'll capture the new number into the DB. But when they update their some other part of their record I dont want the obscured string punched into the recordset.
The simplest way would be to check the entries before updating the recordset. If the CCnumber starts with XXXX, don't process the CCNum update. It would be great if you can give us more details on what platform you are using (.NET/php) and some detail on the way you have structured your page. That way we can provide more concise and to the point answers.
SD-WAN: Making It Work for You

As bandwidth requirements and Internet costs grow, businesses naturally want to manage budgets by reducing reliance on their most expensive connection types. Learn more about how to make SD-WAN work for your business in our on-demand webinar!

Make two separate text fields. One will contain the obscured number and will be disabled or readonly. The other one will be empty and will contain the new number.
webdorkAuthor Commented:
Im using asp and SLQ server
If the number is already stored in the database, it's just a matter of checking the field before the update.  Since you already know how to replace everything but the last four digits with an x, then I'll leave that alone.  Just check to see if an X exists in the posted value, and if it does, use the existing value from your database instead.  Something like:

if instr(request.form("ccfield"), "x") <> 0 then ccvalue = rs.fields.item("existingccvalue").value
ccvalue = request.form("ccfield")
end if

Then pass ccvalue to your update.  This is essentially what nitinsy was suggesting.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
webdorkAuthor Commented:
That works for me...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.