How can I hide part of a number from my database when displaying it on the page? e.g. 67***

I hope to get help on this issue… what I am trying to do is display numbers from the database, and I want to only show the first two digits of the number when the page loads…

The number will be like this in the database:
6703347599578666

So if I display it on the page I want it to hide some digits like this…
67*************

Then when the user clicks a button, say BUY, it should load and display the full number like this:
6703347599578666

And then I want the number to be removed from the database when the user has paid for it to get it displayed, and have it in the user's history…

Any help in writing, or easy to understand, PHP code with PDO MySQL is welcome…

Thanks.

Well, you could display the left two digits of the number and replace the rest with asterisks, assuming your number is being returned from the query as 'cardnumber':

$dispnum = substr($row['cardnumber'], 0, 2) . str_repeat("*", strlen($row['cardnumber'])-2);

When your user clicks buy, you can just display the number directly as it comes out of the database.

Let me first say: if you're here asking about string manipulation… don't store CC numbers in the database. Ever. Ever ever. Not even for a second, ever. It begs for lawsuits if your database gets cracked. This is why payment gateways exist.

You can make it -slightly- more secure by having the database return only the unmasked part of the string; e.g.:
SELECT SUBSTR(card_no,0,2) FROM …

That way the full number doesn't even get transmitted back to your PHP script. The customer doesn't need to see their credit card number again; they know what it is, so if you show them the mask (the more common mask is to show the last 4 digits, as opposed to the first 2, but whatever floats your boat), they should be alright with it.
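An added example (not code from the thread) of the two masking approaches discussed above: a PHP helper that keeps either the last or the first few digits, and a query that does the masking inside MySQL so the full value never reaches PHP. The table and column names (cards, card_no) and the $pdo connection are assumptions.

```php
<?php
// Added example, not code from the thread: mask everything except the last
// $keep digits (the "last 4" convention mentioned above), or the first
// $keep digits when $keepFirst is true (the convention used in the question).
function maskNumber(string $number, int $keep = 4, bool $keepFirst = false): string
{
    $len = strlen($number);
    if ($len <= $keep) {
        return str_repeat('*', $len);   // too short to partially reveal: hide it all
    }
    $stars = str_repeat('*', $len - $keep);
    return $keepFirst
        ? substr($number, 0, $keep) . $stars
        : $stars . substr($number, -$keep);
}

// Database-side variant: only the masked form is ever transmitted to PHP.
// MySQL string positions are 1-based, so the visible part is cut with RIGHT()
// rather than a 0-based SUBSTR. Table and column names (cards, card_no) and
// $pdo are assumptions.
function fetchMasked(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare(
        "SELECT CONCAT(REPEAT('*', CHAR_LENGTH(card_no) - 4), RIGHT(card_no, 4)) AS masked
         FROM cards WHERE id = :id"
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['masked'];
}

// Escape on output so a stored value containing markup cannot inject into the page.
echo htmlspecialchars(maskNumber('6703347599578666', 2, true), ENT_QUOTES, 'UTF-8'), "\n";
```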

Good point. I was only guessing it’s a card number because, well, it looks like one.

Thanks so much @droopsnoot and @StarLion… it works fine, as I hoped… thanks… I'm not storing CC numbers, but I'm storing numbers that the users have to pay for via a gateway payment method… if there is any other way I can store the numbers in the database that is more secure, I will be glad to follow you…

One more thing: when the user clicks buy I have the full number displayed; now I want that same number to be removed from the database table I store it in, so that other users won't see that same number again, and I want it to be available for the user that bought it, for history… any idea is welcome… thanks for your time.

After you've done the 'buy' process, you'd build a new query to store the information in your history table, then do something like:

delete from your-table-name where your-column-name like 'your-big-long-number'

to get rid of the record in the ‘main’ table, assuming the big-long-number is unique. Or you could delete it based on whatever unique id you’re using to display the details for the ‘buy’ page in the first place. Or you could update the record and just blank out the big-long-number column. It’s hard to give any precise advice as we have no information on the database or table layout. But basically once the ‘buy’ process is done, create a history record that has all the information you need to keep, and then either delete the other record, or just remove the number.

Thanks for your time @droopsnoot, I have tried to follow what you say but I'm getting this error message from the CATCH…

error getting recharge card info: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM mtn_n100 WHERE id = '12'' at line 1

The script I'm running is below… help me find out what I'm doing wrong. After buy, I want the numbers that were bought to be deleted from the table and also inserted into the history table so that I can display them to the user via their member Id… I checked the history table in the database and everything is inserted there, but the number does not get deleted from its own table (mtn_n100) and I get the error message above…

$buyMtnId = $_POST['id'];

if (isset($_POST['action']) and $_POST['action'] == 'Buy Now') {
    try
    {
        require 'database.php';   // defines $pdo

        $sql = "SELECT id, pinNumber, serialNumber FROM mtn_n100 WHERE id = :id";
        $s = $pdo->prepare($sql);
        $s->bindValue(':id', $buyMtnId, PDO::PARAM_STR);
        $s->execute(); // Execute the prepared query.

        foreach ($s as $row) {
            $buyMtn100s[] = array('id' => $row['id'], 'pinNumber' => $row['pinNumber'], 'serialNumber' => $row['serialNumber']);
        }

        // Without braces only this one assignment runs inside the loop; the
        // remaining statements run once, after it.
        foreach ($buyMtn100s as $buyMtn100) {
            $buyMtnuserId = $buyMtn100['id'];
        }

        $mtn100 = 100;

        if ($accountBal == $mtn100 or $accountBal > $mtn100) {
            $buyMtnPinNumber = $buyMtn100['pinNumber'];
            $buyMtnPinSerialNumber = $buyMtn100['serialNumber'];

            require $_SERVER['DOCUMENT_ROOT'] . '/includes/updateMTN.inc.php';
            $currentBal = $accountBal - $mtn100;
            $sql = 'UPDATE mem SET accountBal = :accountBal WHERE id = :id';
            $s = $pdo->prepare($sql);
            $s->bindValue(':id', $_SESSION['userId'], PDO::PARAM_STR);
            $s->bindValue(':accountBal', $currentBal, PDO::PARAM_STR);
            $s->execute(); // Execute the prepared query.
        }

        if ($s) {
            require 'database.php';

            $sql = 'INSERT INTO history SET
                buyerId = :buyerId,
                buyerPhoneNumber = :buyerPhoneNumber,
                pinId = :pinId,
                pinNumber = :pinNumber,
                pinSerialNumber = :pinSerialNumber,
                buyDateTime = NOW()';
            $historyStmt = $pdo->prepare($sql);
            $historyStmt->bindValue(':buyerId', $_SESSION['userId'], PDO::PARAM_STR);
            $historyStmt->bindValue(':buyerPhoneNumber', $_SESSION['phoneNumber'], PDO::PARAM_STR);
            $historyStmt->bindValue(':pinId', $buyMtnuserId, PDO::PARAM_STR);
            $historyStmt->bindValue(':pinNumber', $buyMtnPinNumber, PDO::PARAM_STR);
            $historyStmt->bindValue(':pinSerialNumber', $buyMtnPinSerialNumber, PDO::PARAM_STR);
            $historyStmt->execute(); // Execute the prepared query.
        }

        if ($historyStmt) {
            require 'database.php';
            // This is the statement MySQL rejects with the 1064 error quoted above.
            $sql = "DELETE id, FROM mtn_n100 WHERE id = :id";
            $s = $pdo->prepare($sql);
            $s->bindValue(':id', $buyMtnuserId, PDO::PARAM_STR);
            $s->execute(); // Execute the prepared query.
        }
        else {
            $lowBal = 'Your account balance is too low, kindly add fund';
        }
    }
    catch (PDOException $e)
    {
        echo "error getting recharge card info: " . $e->getMessage();
        // include 'error.html.php';
        exit();
    }
}

I will be very happy to hear from you real soon. Thanks so much for being there.
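An added example (not code from the thread) of the 'buy' flow droopsnoot describes and the script above attempts: the balance debit, history insert and delete run inside one transaction so they either all succeed or are all rolled back, and the pin row is locked so two buyers cannot both receive it. The table and column names follow the poster's script but are assumptions, the tables are assumed to be InnoDB, and $pdo is assumed to be a PDO connection with PDO::ERRMODE_EXCEPTION set.

```php
<?php
// Added example, not from the thread: the 'buy' flow as one transaction.
// Table/column names follow the script above but are assumptions; $pdo is a
// PDO connection configured with PDO::ERRMODE_EXCEPTION; tables are InnoDB.
function buyPin(PDO $pdo, int $pinId, int $userId, int $price): array
{
    $pdo->beginTransaction();
    try {
        // Lock the row so two concurrent buyers cannot both get the same pin.
        $s = $pdo->prepare('SELECT id, pinNumber, serialNumber FROM mtn_n100
                            WHERE id = :id FOR UPDATE');
        $s->execute([':id' => $pinId]);
        $pin = $s->fetch(PDO::FETCH_ASSOC);
        if ($pin === false) {
            throw new RuntimeException('This pin has already been sold');
        }

        // Balance check and debit in one statement: rowCount() is 0 when the
        // balance was too low, so there is no separate read-then-write race.
        $u = $pdo->prepare('UPDATE mem SET accountBal = accountBal - :debit
                            WHERE id = :uid AND accountBal >= :minBal');
        $u->execute([':debit' => $price, ':uid' => $userId, ':minBal' => $price]);
        if ($u->rowCount() !== 1) {
            throw new RuntimeException('Your account balance is too low, kindly add fund');
        }

        $h = $pdo->prepare('INSERT INTO history
                            (buyerId, pinId, pinNumber, pinSerialNumber, buyDateTime)
                            VALUES (:buyerId, :pinId, :pinNumber, :serial, NOW())');
        $h->execute([
            ':buyerId'   => $userId,
            ':pinId'     => $pin['id'],
            ':pinNumber' => $pin['pinNumber'],
            ':serial'    => $pin['serialNumber'],
        ]);

        // DELETE takes no column list; "DELETE id, FROM ..." is the form MySQL
        // rejects with error 1064.
        $d = $pdo->prepare('DELETE FROM mtn_n100 WHERE id = :id');
        $d->execute([':id' => $pin['id']]);

        $pdo->commit();
        return $pin;               // full pin, revealed to the buyer only now
    } catch (Throwable $e) {
        $pdo->rollBack();          // nothing is debited or deleted on failure
        throw $e;
    }
}
```

Call it with the posted id and the session user id inside the existing try/catch; the returned array is what gets displayed, and the pin row is gone for every other user as soon as commit() returns.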