Forums
This topic is locked
hiding credit card number
Posted 16 Aug 2006 22:15:30
1
has voted
16 Aug 2006 22:15:30 Julie Horner posted:
hi, i have a credit card number being pulled from a MS SQL database (yes, encrypted and secure) with asp and I need to not show the whole credit card number on the page, just the last 4 digits. The code for the line bringing up the card is:
<input type="radio" name="oldCC" onClick="updateCC('<%=VarCCNum2%>','<%=CCT%>','<%=month(pExpiration)%>','<%=year(pExpiration)%>')"> <%=VarCCNum2%>, <%=CCType%> <%=month(pExpiration)%>/<%=year(pExpiration)%>
<%=VarCCNum2%> is the variable that i have to partially hide.
Any help would be appreciated!!
Replies
Replied 17 Aug 2006 18:33:28
17 Aug 2006 18:33:28 Patrick Woldberg replied:
<%=Right(VarCCNum2,4)%> would show the last 4 digits
--------------------------------------------------
Patrick Woldberg
Web Developer at Dynamic Zones
Administrator at DMXzone.com, FLzone.net, FWzone.net and DNzone.com
--------------------------------------------------
--------------------------------------------------
Patrick Woldberg
Web Developer at Dynamic Zones
Administrator at DMXzone.com, FLzone.net, FWzone.net and DNzone.com
--------------------------------------------------
Replied 17 Aug 2006 19:33:22
17 Aug 2006 19:33:22 Roddy Dairion replied:
is encrypted already in your database? if not you can also do that straight in the database itself when inserting. When you insert you just you the function AES_ENCRYPT(value,'pass') when inserting
insert into tablename(fieldname) values(AES_ENCRYPT(2124332523523,'mypass'))
when retrieving
select AES_DECRYPT(fieldname,'mypass') from tablename
then when you display it you use the piece of code that Patrick has posted.
insert into tablename(fieldname) values(AES_ENCRYPT(2124332523523,'mypass'))
when retrieving
select AES_DECRYPT(fieldname,'mypass') from tablename
then when you display it you use the piece of code that Patrick has posted.
Replied 18 Aug 2006 02:03:49
18 Aug 2006 02:03:49 Julie Horner replied:
Hi,
Yup, that is exactly what it does - encrypts and then decrypts like that on the page. The code works fine, but the credit card number still shows in the source code (but should that matter if it is in a secure, password protected section?) The user can choose a previously used credit card (which on the page now only shows the last four digits) with a radio button - when they choose the radio button, it automatically fills in the credit card text field (or they can enter a new credit card) with the value from the database. From what I can tell, it has to automatically fill the credit card field with the full credit card (not hidden) - because that field is entering the credit card for the order via the form. Any thoughts on hiding part of a form field (I can hide the whole thing by making it a password field - but I didn't want the whole thing to be xx'd out!
Thanks!!
julie
Yup, that is exactly what it does - encrypts and then decrypts like that on the page. The code works fine, but the credit card number still shows in the source code (but should that matter if it is in a secure, password protected section?) The user can choose a previously used credit card (which on the page now only shows the last four digits) with a radio button - when they choose the radio button, it automatically fills in the credit card text field (or they can enter a new credit card) with the value from the database. From what I can tell, it has to automatically fill the credit card field with the full credit card (not hidden) - because that field is entering the credit card for the order via the form. Any thoughts on hiding part of a form field (I can hide the whole thing by making it a password field - but I didn't want the whole thing to be xx'd out!
Thanks!!
julie