  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2012
    Posts
    28

    How can I hide part of a number from my database when displaying it on the page, e.g. 67***

    I hope to get help on this issue... What I am trying to do is display numbers from the database, and I want to show only the first two digits of each number when the page loads...

    The number will be like this in the database:
    6703347599578666


    So if I display it on the page, I want it to hide some digits like this...
    67*************

    Then when the user clicks a button, say BUY, it should load and display the full number like this:
    6703347599578666

    And then I want the number to be removed from the database when the user has paid for it, to get it displayed and have it in the user's history...

    Any help in writing this, or easy-to-understand PHP code with PDO MySQL, is welcome...

    Thanks.

  2. #2
    SitePoint Evangelist
    Join Date
    Aug 2006
    Location
    Nantwich, Cheshire
    Posts
    409
    Well, you could display the left two digits of the number and replace the rest with asterisks, assuming your number is being returned from the query as 'cardnumber':

    Code:
    $dispnum = substr($row['cardnumber'], 0, 2) . str_repeat("*", strlen($row['cardnumber'])-2);
    When your user clicks buy, you can just display the number directly as it comes out of the database.
    http://www.firenza.net - my homage to a car from the 1970s

  3. #3
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Let me first say: if you're here asking about string manipulation... don't database-store CC numbers. Ever. Ever ever. Not even for a second ever. It begs for lawsuits if your database gets cracked. This is why payment gateways exist.

    You can make it -slightly- more secure by having the database return only the unmasked part of the string, e.g.:
    SELECT SUBSTR(card_no,1,2) FROM .....

    That way the full number doesn't even get transmitted back to your PHP script. The customer doesn't need to see their credit card number again; they know what it is, so if you show them the mask (the more common mask is to show the last 4 digits, as opposed to the first 2, but whatever floats your boat), they should be alright with it.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  4. #4
    SitePoint Evangelist
    Join Date
    Aug 2006
    Location
    Nantwich, Cheshire
    Posts
    409
    Good point. I was only guessing it's a card number because, well, it looks like one.
    http://www.firenza.net - my homage to a car from the 1970s

  5. #5
    SitePoint Enthusiast
    Join Date
    Oct 2012
    Posts
    28
    Thanks so much @droopsnoot and @StarLion... it works fine, as I hoped... thanks... I am not storing CC numbers, but I am storing numbers that the users have to pay for via a payment gateway... if there is any other way I can store the numbers in the database that is more secure, I will be glad to follow you...


    One more thing: when the user clicks buy I have the full number displayed; now I want that same number to be removed from the database table I store it in, so that other users won't see that same number again, and I want it to be available in the history for the user that bought it... any idea is welcome... thanks for your time.

  6. #6
    SitePoint Evangelist
    Join Date
    Aug 2006
    Location
    Nantwich, Cheshire
    Posts
    409
    After you've done the 'buy' process, you'd build a new query to store the information in your history table, then do something like:

    Code:
    delete from your-table-name where your-column-name like 'your-big-long-number'
    to get rid of the record in the 'main' table, assuming the big-long-number is unique. Or you could delete it based on whatever unique id you're using to display the details for the 'buy' page in the first place. Or you could update the record and just blank out the big-long-number column. It's hard to give any precise advice as we have no information on the database or table layout. But basically once the 'buy' process is done, create a history record that has all the information you need to keep, and then either delete the other record, or just remove the number.
    http://www.firenza.net - my homage to a car from the 1970s

  7. #7
    SitePoint Enthusiast
    Join Date
    Oct 2012
    Posts
    28
    Thanks for your time @droopsnoot. I have tried to follow what you said, but I am getting this error message from the CATCH...

    error getting recharge card info: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM mtn_n100 WHERE id = '12'' at line 1

    The script I am running is below... help me find out what I am doing wrong. After the buy, I want the number that was bought to be deleted from the table and also inserted into the history table so that I can display it to the user via their member ID... I checked the history table in the database and everything is inserted there, but the number does not get deleted from its own table (mtn_n100) and I get the error message above...

    PHP Code:
    $buyMtnId = $_POST['id'];

    if (isset($_POST['action']) and $_POST['action'] == 'Buy Now') {
        try
        {
            require 'database.php';

            $sql= "SELECT id, pinNumber, serialNumber FROM mtn_n100 WHERE id = :id";
            $s = $pdo->prepare($sql);
            $s->bindValue(':id', $buyMtnId, PDO::PARAM_STR);
            $s->execute(); // Execute the prepared query.

            foreach ($s as $row) {
                $buyMtn100s[] = array('id' => $row['id'], 'pinNumber' => $row['pinNumber'], 'serialNumber' => $row['serialNumber']);
            }

            foreach ($buyMtn100s as $buyMtn100)
                $buyMtnuserId = $buyMtn100['id'];

            $mtn100 = 100;

            if($accountBal == $mtn100 or $accountBal > $mtn100) {
                $buyMtnPinNumber = $buyMtn100['pinNumber'];
                $buyMtnPinSerialNumber = $buyMtn100['serialNumber'];

                require $_SERVER['DOCUMENT_ROOT'] . '/includes/updateMTN.inc.php';
                $currentBal = $accountBal - $mtn100;
                $sql = 'UPDATE mem SET accountBal = :accountBal WHERE id =:id';
                $s = $pdo->prepare($sql);
                $s->bindValue(':id', $_SESSION['userId'], PDO::PARAM_STR);
                $s->bindValue(':accountBal', $currentBal, PDO::PARAM_STR);
                $s->execute(); // Execute the prepared query.
            }

            if($s) {
                require 'database.php';

                $sql = ' INSERT INTO history SET
                    buyerId =:buyerId,
                    buyerPhoneNumber =:buyerPhoneNumber,
                    pinId =:pinId,
                    pinNumber =:pinNumber,
                    pinSerialNumber =:pinSerialNumber,
                    buyDateTime = NOW() ';
                $historyStmt = $pdo->prepare($sql);
                $historyStmt->bindValue(':buyerId', $_SESSION['userId'], PDO::PARAM_STR);
                $historyStmt->bindValue(':buyerPhoneNumber', $_SESSION['phoneNumber'], PDO::PARAM_STR);
                $historyStmt->bindValue(':pinId', $buyMtnuserId, PDO::PARAM_STR);
                $historyStmt->bindValue(':pinNumber', $buyMtnPinNumber, PDO::PARAM_STR);
                $historyStmt->bindValue(':pinSerialNumber', $buyMtnPinSerialNumber, PDO::PARAM_STR);
                $historyStmt->execute(); // Execute the prepared query.
            }

            if($historyStmt) {
                require 'database.php';
                $sql= "DELETE id, FROM mtn_n100 WHERE id = :id";
                $s = $pdo->prepare($sql);
                $s->bindValue(':id', $buyMtnuserId, PDO::PARAM_STR);
                $s->execute(); // Execute the prepared query.
            }
            else {
                $lowBal = 'Your account balance is too lowkindly add fund';
            }
        }
        catch (PDOException $e)
        {
            echo "error getting recharge card info: " . $e->getMessage();
            // include 'error.html.php';
            exit();
        }
    }


    I will be very happy to hear from you real soon. Thanks so much for being there.
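
Added example, not part of any post in this thread: one way to do what posts #3 and #6 describe, masking the number in SQL for the listing page and moving a purchased row into `history` inside a single transaction, so a failed step leaves nothing half-done and two buyers cannot receive the same number. It reuses the table and column names from the script in post #7; the function names, integer ids, InnoDB tables and PDO's exception error mode are assumptions.

```php
<?php
// Added example. Assumes mtn_n100, mem and history are InnoDB tables and
// $pdo uses PDO::ERRMODE_EXCEPTION. Function names are hypothetical.

// Listing page: mask in SQL so the full PIN never leaves the database.
function listMaskedPins(PDO $pdo): array
{
    return $pdo->query(
        "SELECT id, CONCAT(LEFT(pinNumber, 2),
                REPEAT('*', GREATEST(CHAR_LENGTH(pinNumber) - 2, 0))) AS maskedPin
         FROM mtn_n100"
    )->fetchAll(PDO::FETCH_ASSOC);
}

// Buy: debit the buyer, record the sale and remove the PIN atomically.
// Returns the purchased row, or null if the PIN is gone or funds are short.
function buyPin(PDO $pdo, int $pinId, int $userId, string $phone, int $price = 100): ?array
{
    $pdo->beginTransaction();
    try {
        // FOR UPDATE locks the row so two buyers cannot get the same PIN.
        $s = $pdo->prepare('SELECT id, pinNumber, serialNumber
                            FROM mtn_n100 WHERE id = :id FOR UPDATE');
        $s->execute([':id' => $pinId]);
        $pin = $s->fetch(PDO::FETCH_ASSOC);
        // Conditional debit: matches no row when the balance is too low.
        $debit = $pdo->prepare('UPDATE mem SET accountBal = accountBal - :price
                                WHERE id = :id AND accountBal >= :minBal');
        $paid = $pin !== false
            && $debit->execute([':price' => $price, ':id' => $userId, ':minBal' => $price])
            && $debit->rowCount() === 1;
        if (!$paid) {
            $pdo->rollBack();
            return null;
        }
        $pdo->prepare('INSERT INTO history SET buyerId = :buyerId,
                buyerPhoneNumber = :phone, pinId = :pinId, pinNumber = :pinNumber,
                pinSerialNumber = :serial, buyDateTime = NOW()')
            ->execute([':buyerId' => $userId, ':phone' => $phone, ':pinId' => $pin['id'],
                       ':pinNumber' => $pin['pinNumber'], ':serial' => $pin['serialNumber']]);
        // DELETE takes no column list before FROM.
        $pdo->prepare('DELETE FROM mtn_n100 WHERE id = :id')->execute([':id' => $pin['id']]);
        $pdo->commit();
        return $pin; // full number, returned only to the buyer
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) { $pdo->rollBack(); }
        throw $e;
    }
}
```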

