Doing this is not only a very, very, very bad idea (you might as well not use SSL on the page), but it would also be in violation of the merchant service agreement that you (or your client) agreed to. You have to follow the PCI-DSS standard if you are handling payment card information and this is thing #1 on the "Don't Do This" list.
If you need to handle credit card details and don't have a security team, use a merchant service provider that handles credit card detail collection for you (such as Authorize.net, Paypal, Google Checkout, Amazon Payments, etc, etc.) With those services, you simply send the user to the providers site along with an amount to be charged and a list of items it is for. The third party deals with the credit card details and then sends you a receipt code that verifies the transaction and sends you the money.