No matter what database you're using I would think you would only store the billing information *just long enough to process it* -- then securely delete it. Don't store it for historical reasons or future customer use as it may fall into the wrong hands.
Also ensure any form submission data is being checked for validity especially if doing any type of dynamic SQL commands. When I say validity I mean that if numbers are to be entered, ensure they are numbers, set a max length to acceptable values, and strip and chars that can be used for sql injection attacks (search Google for ways to combat SQL injection - tons o' information).
John Rasri - GotLiveChat.com
Please login or register to view this content. Registration is FREE Reseller/White Label Program