Answer the question
In order to leave comments, you need to log in
How to mask a credit card number with a regular expression?
There is a POST request body:
cc_number=4111111111111111&amount=1500
To write to the log, you need to cast it to the form
cc_number=XXXXXXXXXXXXXXX&amount=1500
This can be done as follows:
$data = preg_replace(
'/(?<=cc_number=)([^&]+)/e',
'str_repeat("X", strlen("$1"))',
$data);
$data = preg_replace_callback(
'/(?<=cc_number=)([^&]+)/',
function ($matches) { return str_repeat('X', strlen($matches[0])); },
$data);
$data = preg_replace($pattern, 'X', $data);
Answer the question
In order to leave comments, you need to log in
Do you work in a PCI certified office?
If not, then you do not have the right to request CVV\CVC and card number. You can store the card in the format “First six + last four”, this is allowed for transmission in clear text.
When it comes down to it, why do you even need to know the length of the card number? Replace simply with "HIDDEN"
To write to the log, it's better to do something like this:
cc_number=HIDDEN_CC_NUMBER&amount=1500&CVV=HIDDEN_CVV Otherwise
, in a couple of weeks you will sculpt regular expressions for searching in the logs 3-4-12-14-16 consecutive "X"
s/(?<=cc_number=)?(\d)/X/g;
Perl notation, not sure about PHP's specific form of notation.
Try
$data=preg_replace_all('(?<=cc_number=)?(\d)','X',$data);
Is it possible to access the $_POST array?
If yes, then you can try to do without a regular expression.
$data = str_replace('cc_number='.$_POST['cc_number'], 'cc_number='.str_repeat('X', strlen($_POST['cc_number'])), $data);
Exceptional how to play. Still preferable with a callback.
$data[1] = "cc_number=1234567890123456&amount=1500";
$data[2] = "cc_number=12345678901234&amount=1500";
$data[3] = "amount=1500&cc_number=12345678901234&otherNumber=123123123";
$patterns = array ('/\d{16}/','/\d{14}/');
$replace = array ('xxxxxxxxxxxxxxxx','xxxxxxxxxxxxxx');
echo preg_replace($patterns, $replace, $data[1]);
echo "<br>";
echo preg_replace($patterns, $replace, $data[2]);
echo "<br>";
echo preg_replace($patterns, $replace, $data[3]);
IMHO, it's safer like this:
<?php
$data = parse_str($data);
if (isset($data["cc_number"])) {
$data["cc_number"] = str_repeat("X", strlen($data["cc_number"]));
}
$data = http_build_query($data);
?>
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question