Basically I'm working on a site where it will process credit cards. But when a transaction/charge is placed I would like to store information about the credit card in a database.
Right now, I've been thinking of storing the first 4 and last 4 numbers and the expiry date. But I won't store it in plain text, I've created my own encryption method.
Is that safe enough?
From a PCI Compliancy perspective, storing only the first four, last four in plain text is fine. PCI actually allows plain text storage of the first six digits (this is known as the IIN or Issuer Identifier Range), and last four digits (the very last digit is a checksum).
These are similar to the standards for printed receipts, which allow the first six and last three digits to be printed.
Your question does understandably ring alarm bells though. If you (or your systems) have access to the full card number, then you are in the scope of PCI-DSS. Monitoring and maintaining compliance can be time-consuming and costly, especially where your compliance must be verified by a third-party QSA (Qualified Security Assessor).
The better approach then would be to use a payment gateway that is already PCI compliant. They would be able to perform the card authorization/settlement and return to you a token id and/or a hash of the card number which is safe to store in your database.
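The truncation described in the answer above, as an added example that is not part of the original post: the card number is checked against its trailing checksum digit (the Luhn algorithm) and reduced to the first six and last four digits before a record is built. The function names, field names and the token placeholder are assumptions made for illustration.

```python
import re

def luhn_valid(pan: str) -> bool:
    """Check the Luhn checksum carried in the final digit of a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def truncate_pan(raw: str) -> dict:
    """Reduce a card number to the first six and last four digits."""
    pan = re.sub(r"[ -]", "", raw)              # drop the usual separators
    if not re.fullmatch(r"\d{13,19}", pan):
        raise ValueError("card number must be 13-19 digits")
    if not luhn_valid(pan):
        raise ValueError("checksum digit does not match")
    first6, last4 = pan[:6], pan[-4:]
    return {
        "first6": first6,
        "last4": last4,
        "masked": first6 + "*" * (len(pan) - 10) + last4,
    }

def card_record(raw_pan: str, expiry: str, gateway_token: str) -> dict:
    """Build the row to persist; the full number never enters the record."""
    rec = truncate_pan(raw_pan)
    rec.update(expiry=expiry, gateway_token=gateway_token)
    return rec

if __name__ == "__main__":
    # Constructed sample: a widely used test number and a placeholder token.
    print(card_record("4111 1111 1111 1111", "12/30", "tok_PLACEHOLDER"))
```

Code like this still receives the full card number, so the scope point made in the answer applies to whatever system runs it.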