This weekend, I'm going to be starting in to building a web site for my wife's new business, selling gaming books online. While I've been developing stuff for the web for five years now, I've never designed a shop site from scratch, so a few questions. I'll be most likely using PHP and a MySQL database, and divorcing it from the content as much as possible so as to reuse and sell the code again. The main question is: how do online shops handle credit card numbers? There'll be a https form, of course, but what happens to the number after that? Does it just get passed to the processor, without ever coming near the vendor, or does the vendor have to store it somehow? If the vendor needs to store it, what's the safest way to do this? Other questions are just for generic advice, pitfalls to avoid, that kind of useful stuff. (Stuff like "Don't use X technology for a shopping cart!") (If people are replying offlist, I'd appreciate replies going to gothwalk at softhome.net, rather than here to my 9-5 job, although it's not essential. Thanks!) Cheers, Drew.