
Secure Form Processing


rbudj


I have created a form to be processed by PHP. This form data will contain private information such as social security numbers and credit card information. What is a good way to process this form? I will be using SSL. Should I send the information by email, should I take it all and put it in a database, should I (if it is possible) have PHP create a .pdf and reference it through a link? I just don't know what to do. I'm open to all logical suggestions. Thanks!

Processing this data via direct form submission is fine - it's as secure as your SSL encryption - if that is satisfactory, go ahead and do your magic.

MAKE SURE that the database is as secure as it can be - encrypt the data using the mcrypt functions and try your best to make sure any keys are not available to the outside world. I personally would place the actual code that does the processing/encryption above the root folder of your site and simply include it in the PHP script that accepts the data from the form.
I'd suggest picking up the book "Essential PHP Security"

http://www.amazon.com/Essential-PHP-Security-Chris-Shiflett/dp/059600656X/sr=8-1/qid=1167519646/ref=pd_bbs_sr_1/104-9182315-3567949?ie=UTF8&s=books

Security in layers, solid html forms, front end javascript validation, php validation, filtering/escaping, encryption, store database credentials out of public_html directory.... etc etc.
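
The encrypt-before-storing advice in the replies above, as an added example that is not part of the original posts. It uses PHP's libsodium extension (PHP 7.2+, authenticated encryption) rather than the mcrypt functions the reply names; the key file location and the function names `loadKey`, `encryptField` and `decryptField` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Load the secret key from a file kept outside the document root.
function loadKey(string $path): string
{
    $key = @file_get_contents($path);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('Encryption key missing or wrong length');
    }
    return $key;
}

// Encrypt one form field; a fresh random nonce is stored with the ciphertext.
function encryptField(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

// Decrypt a stored value; a modified or truncated value is rejected.
function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(
        substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Ciphertext failed authentication');
    }
    return $plain;
}

// Demo with constructed data. The temp file stands in for a key file
// stored above the web root (assumption), readable only by the PHP user.
$keyFile = sys_get_temp_dir() . '/form-demo.key';
file_put_contents($keyFile, sodium_crypto_secretbox_keygen());
chmod($keyFile, 0600);
$key = loadKey($keyFile);

$stored = encryptField('000-00-0000', $key);   // constructed sample value
echo 'Value for the database column: ', $stored, "\n";
echo 'Decrypted: ', decryptField($stored, $key), "\n";

// Flip one bit of the stored value: decryption must refuse it.
$raw = base64_decode($stored);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
try { decryptField(base64_encode($raw), $key); }
catch (RuntimeException $e) { echo 'Tampered value: ', $e->getMessage(), "\n"; }
unlink($keyFile);
```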

Archived

This topic is now archived and is closed to further replies.
