DO NOT STORE CREDIT CARD NUMBERS!!!
Period!!!
If your PHP script can access them, then they are too accessible to
the Bad Guys.
Ditto
Even if nothing else, someone could modify your code to email them the CC
Numbers.
It's better if, when it comes to time to checkout, you redirect your client
to your Payment Service Providers (PSP's) website, your PSP processes the
payment, and redirects the client back to your site. The PSP would then
contact you directly to confirm the payment.
That way there is no CC info on your server for you to protect.
.... Unless you are a computer security professional and _REALLY_ know what
you're doing.