0

So i made a program to validate the card number.. So now i want to store the card number along with other useful data on mysql table but the credit card number isn't appearing on the table.. Its just showing 0, i changed the data type to varchar and now its just showing array and i am getting this error on the php page "Array to string conversion in C:\xamppp\htdocs\cpu5001\cards.php on line 38".. Here is my code:

<style>
#park{
border-radius: 25px; 
background:#D0D3D4;
height: 750px;
padding-top: 10px;
margin-top:10px;
}
</style>
<?php
session_start();
$ids=$_SESSION['tsmUserName'];
if (isset($_POST['submit'])){


    $number=$_POST['cc'];
    $expiray=$_POST['expire'];
    $Cardholder=$_POST['cardholder'];
    $country=$_POST['country'];
    $total=0;
    $i=1;
    $last4= substr($number,-4,4);
    $number=str_split($number);
    $number=array_reverse($number);
    foreach($number as $digit){
        if($i%2==0){
            $digit*=2;
            if($digit>9){
                $digit -=9;
            }
        }
        $total += $digit;
        $i++;
    }
    if($total%10==0){
        echo "Your credit card number ending in ".$last4." is valid";
        require_once("connection.php");
    $my_query="INSERT INTO `card`(`No`, `Username`, `CreditCard`, `ExpirationDate`, `CardHolderName`, `Country`) VALUES (NULL,'$ids','$number','$expiray','$Cardholder','$country')";
    $result=mysqli_query($connection,$my_query);
            if($result)
            {
                echo 'thank you';
            }
            else
            {
                echo 'error';
            }
            mysqli_close($connection);
    }
    else
    {
        echo "Your credit card number ending in ".$last4." is invalid";
    }


}
?>
<html>
<head>
    <title>Credit Card Number</title>
</head>
<body>
<label style="margin-left:630px; font-size: 1.6em;"> Credit card info </label>
<div id="park">
<div id="info" style="background:#F5F5DC; width:500px;height:570px; margin-left:450px;border-radius: 25px;margin-top:150px; ">
<img src="credit_2.PNG" style="margin-top:-130px; margin-left:120px;">
<form action="cards.php" method='POST'>
    </br></br>
    <label style="margin-left:192px; font-size:1.5em;"> Credit Number </label>
    </br></br>
    <input type="text" name="cc" style="margin-left:150px;  width:210px;">
    </br></br>
    <label style="margin-left:200px; font-size:1.5em;"> Expiray date </label>
    </br></br>
    <input type="date" name="expire" style="margin-left:150px;  width:210px;">
    </br></br>
    <label style="margin-left:190px; font-size:1.5em;"> Card Holder </label>
    </br></br>
    <input type="text" name="cardholder" style="margin-left:150px;  width:210px;">
    </br></br>
    <label style="margin-left:210px;font-size:1.5em;"> Country </label>
    </br></br>
    <input type="text" name="country" style="margin-left:150px;  width:210px;">
    </br></br>
    <input type="submit" name="submit" style="margin-left:230px;">
    </form>
</div>
</div>
    </body>
</html>
Improve this question
8
  • where is line 38? Commented Jan 5, 2017 at 15:25
  • $my_query="INSERT INTO card(No, Username, CreditCard, ExpirationDate, CardHolderName, SecurityNo) VALUES (NULL,'$ids','$number','$expiray','$Cardholder','$security')"; Commented Jan 5, 2017 at 15:31
  • The error tells you what the problem is. You are trying to convert an array to string. $number became an array when you did str_split. Commented Jan 5, 2017 at 15:32
  • dont let that go live..it can be hacked quite easy .. please escape '$ids','$number','$expiray','$Cardholder','$country' Commented Jan 5, 2017 at 15:35
  • $number is a array type. Commented Jan 5, 2017 at 15:37

2 Answers 2

Reset to default
2

Vitek had it right - you converted the string $number into an array with str_split,so maybe do this (using $numbers instead of $number):

$numbers=str_split($number);
$numbers=array_reverse($number);
foreach($numbers as $digit){
    if($i%2==0){
        $digit*=2;
        if($digit>9){
            $digit -=9;
        }
    }
    $total += $digit;
    $i++;
}

As other have mentioned, there are several issues that should be mentioned as well:

  • The code as it is is (VERY) vulnerable to sql injections (https://xkcd.com/327/) , you can read here how to use prepared statements which are safer: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
  • even if you remover the vulnerability above you need to take a lot of precautions if you store credit numbers in your own database - I have avoided it in my 15 years of development and hope I never need to - maybe consider using 3rd party services that are PCI compliant for this, like stripe (and PCI compliance, which you would need, is a PAIN)
  • in general it is better to separate view and database logic out into separate components. http://www.phptherightway.com/ has a lot of information on good practices, I would recommend a read ;)

Hope this helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You reassigned $number to an array when you did $number=str_split($number);. Do this, and you should be fine: 

$numberChecker=str_split($number);
$numberChecker=array_reverse($number); 
foreach($numberChecker as $digit){ 
...
}

Side note: you really should be using MySQLi prepared statements.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.