I've been setting up a new MySQL/PHP site which will contain store
some CC details, and have been wondering how to pass the keys.
CC's are written in a similar way to:
INSERT INTO cc (ccName, ccNumber, ccDate)
VALUES (ENCRYPT('fred smith', 'mykey'),ENCRYPT('12345',
'mykey'),ENCRYPT('01.03', 'mykey'))
And they're read out using something along the lines of:
SELECT DECRYPT(ccName, 'mykey'), DECRYPT(ccNumber, 'mykey'),
DECRYPT(ccDate, 'mykey')
FROM cc
In order to reduce the chance of the key being noticed, either by a db
error exposing the SQL query (I know my PHP should do this in a
production system, but you never know...) I've tried issuing the
following commands, but I always get errors. Is there anyway of using
variables in the EN-/DECRYPT commands?
SET @enckey='mykey';
SELECT ENCODE('fred smith', @enckey); -- causes error
SELECT DECODE('fred smith', @enckey); -- causes error
Have I missed something either RTFM or just plain silly, or can I not
do this at all?
many thanks,
Mark Hanford