This is a very bad practice
it is actually illegal to do this unless your database meets PCI compliance standards. unless you are 100% sure that your database meets PCI Compliance standards, you should not be doing this.
on the confirm page, the Store Order summary behavior stores the order information to the database.
you can edit this behavior to store additional information when the order is placed.
beyond that, I can not in good conscience offer assistance with storing credit card numbers.