There's no need to argue about the importance of validating your visitors' input. A very important aspect of this process is credit card validation. How do you spot whether the entered value is a valid credit card number? There are 2 reasons for doing this and there are 2 ways of doing it.
One of the most important reasons why you should think about credit card validation is "online fraud". Hackers might try to break your code and inject something into your forms (' and 1=1 lol) or who knows what in order to get their cart confirmed.
The other reason is that people usually make mistakes and enter a wrong value into the credit card's designated input. How do you tell them that the credit card is invalid?
Well... as I told you, there are 2 ways (I'm talking about the simple, accessible ones; I will mention some others though):
Client side validation
Server side validation
The first one is always handy and easy. It is usually done in Javascript, and it's useful because the visitor won't have to browse to the result page to find out that his credit card was invalid. You might opt for a visual alert (in case the validation fails) to inform him about the problem. But what do you do if your visitor has Javascript turned OFF in his browser? Client-side checks run in the visitor's browser, so they can be switched off or skipped entirely. Here comes the server side validation, which is crucial for anything related to web forms, user submissions and stuff like that. Not only does it protect your online business if you have it done well and from the beginning, but it will also save you countless hours of work. Security, if you ask me, is one of (if not the) most important things that you must cover when you build your pages.
I will present a function I've made and tested which will make your job on the server side validation easier. A good thing to remember is that this function will check the input to see if it looks like a valid credit card number, but will not do any banking check or credit reports :-). The card could still be invalid, out of funds or stolen or whatever.
Here's the function. There are 2 variables we need to be working with. "$cc_num" which is the credit card number and "$type" which is the credit card type.
    function validateCC($cc_num, $type) {
        // Defaults, so that an unknown $type fails validation instead of
        // leaving $denum and $verified undefined
        $denum = "unknown";
        $verified = false;
        // Human-readable card name used in the messages below
        if ($type == "American") {
            $denum = "American Express";
        } elseif ($type == "Dinners") {
            $denum = "Diner's Club";
        } elseif ($type == "Discover") {
            $denum = "Discover";
        } elseif ($type == "Master") {
            $denum = "Master Card";
        } elseif ($type == "Visa") {
            $denum = "Visa";
        }
        // Check the prefix and the number of digits for the selected card type.
        // Prefix alternatives must be written as a group, (34|37), not as a
        // character class, [34|37], which would match any of the characters 3, 4, | and 7.
        if ($type == "American") {
            $pattern = "/^(34|37)([0-9]{13})$/"; // American Express: 34 or 37 + 13 digits
            if (preg_match($pattern, $cc_num)) {
                $verified = true;
            } else {
                $verified = false;
            }
        } elseif ($type == "Dinners") {
            $pattern = "/^(30|36|38)([0-9]{12})$/"; // Diner's Club: 30, 36 or 38 + 12 digits
            if (preg_match($pattern, $cc_num)) {
                $verified = true;
            } else {
                $verified = false;
            }
        } elseif ($type == "Discover") {
            $pattern = "/^(6011)([0-9]{12})$/"; // Discover Card: 6011 + 12 digits
            if (preg_match($pattern, $cc_num)) {
                $verified = true;
            } else {
                $verified = false;
            }
        } elseif ($type == "Master") {
            $pattern = "/^(5[1-5])([0-9]{14})$/"; // Mastercard: 51 to 55 + 14 digits
            if (preg_match($pattern, $cc_num)) {
                $verified = true;
            } else {
                $verified = false;
            }
        } elseif ($type == "Visa") {
            $pattern = "/^(4)([0-9]{12,15})$/"; // Visa: 4 + 12 to 15 digits
            if (preg_match($pattern, $cc_num)) {
                $verified = true;
            } else {
                $verified = false;
            }
        }
        if ($verified == false) {
            // Do something here in case the validation fails
            echo "Credit card invalid. Please make sure that you entered a valid <em>" . $denum . "</em> credit card ";
        } else { // if it passes... do something
            echo "Your <em>" . $denum . "</em> credit card is valid";
        }
    }
Here's a usage example, which should be reported as an invalid Diner's Club credit card (if you need any help with it, don't hesitate to post a comment or contact me):
    // validateCC() prints its own message, so no echo is needed here
    validateCC("1738292928284637", "Dinners");
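The function above only looks at the prefix and the number of digits. As an added example (not the author's code), here is a stricter server-side check that goes beyond the page by also verifying the Luhn (mod 10) checksum that card numbers carry. `CC_RULES`, `luhnValid` and `checkCard` are names assumed here, the prefix and length rules are the ones from the function above, and the sample inputs are constructed.

```php
<?php
// Added example: prefix/length rules per card type, same as validateCC() above.
// \A and \z anchor the whole string, so a trailing newline is not accepted.
const CC_RULES = [
    "American" => '/\A3[47][0-9]{13}\z/',
    "Dinners"  => '/\A3[068][0-9]{12}\z/',
    "Discover" => '/\A6011[0-9]{12}\z/',
    "Master"   => '/\A5[1-5][0-9]{14}\z/',
    "Visa"     => '/\A4[0-9]{12,15}\z/',
];

// Luhn checksum: double every second digit counting from the right,
// subtract 9 from results above 9, and require the total to end in 0.
function luhnValid(string $digits): bool {
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) { $d -= 9; }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// True only if the type is known, the format matches and the checksum passes.
function checkCard($cc_num, $type): bool {
    if (!is_string($cc_num) || !is_string($type) || !array_key_exists($type, CC_RULES)) {
        return false;   // array parameters, missing fields, unknown card types
    }
    $digits = str_replace([" ", "-"], "", $cc_num);   // tolerate "4111 1111 ..." formatting
    if (preg_match(CC_RULES[$type], $digits) !== 1) {
        return false;   // wrong prefix or length, or anything that is not a digit
    }
    return luhnValid($digits);
}

// Constructed sample inputs (not real cards).
$samples = [
    ["4111 1111 1111 1111", "Visa"],     // common test number, typed with spaces
    ["4111111111111112",    "Visa"],     // same number with the last digit changed
    ["1738292928284637",    "Dinners"],  // the page's usage example
    ["' and 1=1",           "Master"],   // the injection-style input mentioned earlier
];
foreach ($samples as [$num, $type]) {
    printf("%-20s %-8s %s\n", $num, $type, checkCard($num, $type) ? "valid" : "invalid");
}
```

Because `checkCard` returns a boolean instead of printing, the calling page decides what to show; anything echoed back from the form should go through `htmlspecialchars()` first.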
Another interesting way of doing this is via AJAX and XMLHttpRequest, which is also very impressive: it works alongside the user as they fill in the form, so it can instantly notify them if they did something wrong.
"XMLHttpRequest (XHR) is an API that can be used by JavaScript, and other web browser scripting languages to transfer XML and other text data to and from a web server using HTTP, by establishing an independent communication channel between a web page's Client-Side and Server-Side."
In other words, the third example is the most complete (when done the right way) because it uses both of the previous methods: client side and server side.