mcrypt general questions: key, IV, storage, etc

CaptSaltyJack

I came here to ask about mcrypt. I need to store credit card information in a database, and I want to do this the right way. I'll list my questions in an orderly fashion 🙂

Is the key generated randomly for each purchase on the store? Or is it a hardcoded var somewhere in a php file? ($key = 'blahblahblah123123')
Is the IV generated randomly for each purchase on the store? Or is it a hardcoded var?
Key and IV: which can I store in the DB along with the encrypted CC info?

Basically I'm confused about the relationship between the key, IV, and the text to encrypt. And if the key is static or dynamically changing, or if the IV is .. etc.

Thanks in advance.

CaptSaltyJack

Did some more reading around. Seems like the general way it works is, you store your key in a .php file or in a DB..somewhere preferably safe/secure. Your IV you can store in the same table/area as your encrypted credit card info. The IV will change any time CC info is updated in the DB.. but the key always remains the same, globally.

is this right?