Credit Card Text Field - Hide all number except the last four

I have a credit card text field that I give customers the option to save their details.

I want to show the first 12 numbers as X, then the last fours as normal.

i.e. XXXXXXXXXXXX4567

My code below:

<input name="cc_number" type="text" id="cc_number" <?php if($row_WAATKcustomers['store_card_details'] == 1) { ?> value="<?php echo $row_WAATKcustomers['cc_number']; ?>" <?php } ?> size="32" />

I know that I could use this code

XXXXXXXXXXXX<?php echo substr($row_WAATKcustomers['cc_number'], -4); ?>

so it displays correctly, but then obviously the when a customer submit my form XXXXXXXXXXXX4567 will be passed into my database rather than the actual correct hidden number.

How can I do this?
petewinterAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

remorinaCommented:
You can assign the correct number to a hidden field, showing the xxxx field and when submitting getting your value from the hidden field, but then this could still be a bit risky since if someone views the source of your page they could see the number.

A correct way to implement this would be creating a function that passes the correct value when submitting the page and not to render the real number anywhere on the client side
0
petewinterAuthor Commented:
remorina - Thanks for your reply. Your first option would work for me as the customer has the option to change the credit card number.

The second option sounds like would I need, but how can I do it? Can you please demonstrate with sample code? Thanks
0
petewinterAuthor Commented:
Sorry I mean't ...Your first option wouldn't work for me...
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Ovunc TukenmezSoftware DeveloperCommented:
you can store it in $_SESSION superglobal.

session_start();
$_SESSION['credit_card'] = "1234567890123456";

then call the credit nr in other page
session_start();
$credit_card_nr = $_SESSION['credit_card'];

But IMO, you shouldn't store customer's credit nr in your database.
0
remorinaCommented:
I can't provide sample code at the moment.
Consider this Scenario, If the user is entering their info for the 1st time, you don't need to hide the credit card number and replace it with XXXX, this should only happen when they return back to their profile or edit their info.

In such a case, why don't you write a function that detects if the field was updated? for example a script to run onblur of the field or on click of the submit button and check, if this field had any XXX then the user didn't update so you won't need to update this field in your update statement, otherwise if the number was edited and entered then you can update the DB with the field values, and also you wouldn't need to hide it to XXX except when you read back the fields after update, does this make any sense for you?
0
sajayj2009Commented:
Easy way to tackle this is;

Create 8 textfields, one after another in a line, and enable password option for first seven textfields. If anyuser type first twentyeight digits it will be dots and rest 4 digits will be visible.

Also you can take the same values anyway around ur system without any hassles.

Hope it is clear.
0
sajayj2009Commented:
Sorry. NB: Each textField with max char width "4"
0
sajayj2009Commented:
or else 2 text fields.

first one with password set on, 28 char width and other with normal 4 char width.

Simple!!
0
petewinterAuthor Commented:
remorina - I prefer your solution, but I haven't got enough knowledge to create the code. If you could provide me with some sample code when possible that would be great! Thanks
0
Ovunc TukenmezSoftware DeveloperCommented:
@sajayj2009
Why total width of 32?
All credit numbers are total nr. of 16 digits.
Also, if you set password on, the value will always visible on page source code.

@petewinter
Why do you want to put this value in input value?
When showing user details, simply echo the value as you do now.
XXXXXXXXXXXX<?php echo substr($row_WAATKcustomers['cc_number'],  -4); ?>
Then include the link next to it like:
XXXXXXXXXXXX<?php echo substr($row_WAATKcustomers['cc_number'],   -4); ?>   <a href="change_credit_nr.php">Change</a>
Then in the page "change_credit_nr.php",
get the new details from the user and change it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
petewinterAuthor Commented:
jet-black

Thanks for your message, but I don't want to have to go to another page to update the credit card details.

I just want to have one page that if the credit details are correct you just proceed or amend the details, then proceed.
0
Ovunc TukenmezSoftware DeveloperCommented:
then proceed to what?
if this page is something like "user info", then you are better to prefer this way.

take a look to amazon.com:
click to "Manage  Payment Options" link to see what they do.
It's standard way.

The user's card nr doesnt change. Only the Exp. Date changes.
If credit card nr change, it will be another card.

Look to Amazon.com's
"Add  a Credit Card" page.
0
ygouthamCommented:
it is always preferable to use session cookies for such tricky situations.  start the session at the start of the page with

session_start();

and then you have the session cookie to store your values and play around with.  The session cookies are stored on the server side and hence no damage / theft possibilities.


0
petewinterAuthor Commented:
If you are not legally allowed to store credit card details within a database how do websites like amazon store credit card details?
0
sajayj2009Commented:
If your site is secured server, you can.
0
petewinterAuthor Commented:
Thanks for clearing that up sajayj2009

jet-black - Thanks for your info. I understand how amazon have the credit card area set up and I may end up doing it that way, but I just wanted to have one simple page to confirm or update the credit card details.

remorina - I look forward to seeing sample code of your solution.
0
petewinterAuthor Commented:
Thanks for your help. You have helped me solve the issue.
0
Ovunc TukenmezSoftware DeveloperCommented:
@petewinter
You're welcome.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.