I'm encrypting data and when i try to insert it into the mySQL database it wont enter it and throws an error, i think its to do with these strange characters, they are a little box with four characters in it like two zeros on top and underneath there is like a zero and a nine, any ideas??
7 2400 Atli 5,058
Recognized Expert Expert
Hi.
How exactly does the INSERT query look like?
What error are you getting?
As a general rule, you should always run all data that is to be a part of a MySQL query through the mysql_real_esca pe_string function (or it's MySQLI equivalent) before adding it to the query.
That will make sure the data will not mess up the query with weird characters or SQL Injection.
The query look like this: - $query = mysql_query("INSERT INTO reports VALUES (NULL,'".secure_data($_REQUEST['name'],"encrypt")."')")
This is the secure_data function: - function secure_data($input,$type) {
-
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
-
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
-
$key = "an#$298d&";
-
$data = "";
-
if($type=="encrypt")
-
{
-
$data = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $input, $iv);
-
}
-
else
-
{
-
$data = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $input, $iv);
-
}
-
return data;
-
}
Atli 5,058
Recognized Expert Expert
A couple of thoughts on that code...
First, as I suggested earlier, your should ALWAYS use the mysql_real_esca pe_string function on ALL data you plan on using in a MySQL query.
This will probably fix the problem you were posting about now, although I can not be sure without seeing the actual error.
Also, when writing a INSERT query, you should always specify the columns you want to use, rather then leave it up to MySQL.
This will ensure that the order in which you add the values is correct, it will allow you to add columns to the table without breaking the query, and more importantly; it will allow you to leave out columns that don't need to be filled.
For example: -
/* Assuming `UserTable` is a table with an AUTO_INCREMENT
-
* ID field and a VarChar Name field */
-
-
/* Rather than doing: */
-
INSERT INTO `UserTable` VALUES (NULL, 'Name');
-
/* Do: */
-
INSERT INTO `UserTable`(`Name`) VALUES ('Name');
-
There in the first query, a NULL value would have to be passed to the AUTO_INCREMENT ID field, which I simply left out in the second query, removing the need to pass the NULL value.
Third, and least important, your secure_data function takes a $type value as it's second parameter. You use this as a string, passing "encrypt" when you want the function to encrypt rather than decrypt.
I would suggest changing this to a boolean and giving it a default value.
It should both slightly decrease the memory usage and execution time of your program (*slightly* being the keyword there), and make the function easier to use.
Consider this: -
function secure_data($input,$encrypt=false) {
-
if($encrypt) {
-
// encrypt
-
}
-
else {
-
// decrypt
-
}
-
}
-
-
// Then you could use it like so:
-
$encrypted = secure_data('data', true);
-
$decrypted = secure_data($encrypted);
-
Hope this helps.
Thanks for your reply, i understand about the INSERT statement, i've spent time going over the fields being entered and they are never going to change, every field is always going to be entered hence why i left out the field names the data was going into.
With the html entities thing, as the data is encrypted will this effect the data so when its called from the DB again and decrypted will it decrypt properly??
I don't have access to the error right now but i'll try and post it as soon as possible.
Thanks again.
Atli 5,058
Recognized Expert Expert
Thanks for your reply, i understand about the INSERT statement, i've spent time going over the fields being entered and they are never going to change, every field is always going to be entered hence why i left out the field names the data was going into.
Ok, I see. Personally I would always write out the names, even if they were all being used... but that's just me :)
With the html entities thing, as the data is encrypted will this effect the data so when its called from the DB again and decrypted will it decrypt properly??
The mysql_real_esca pe_string function has nothing to do with HTML entities. It simply makes sure that no part of this string will cause an error in the SQL query, escaping anything that would do so.
It won't affect the data you are using in any way. The data stored and returned by MySQL when you select it will be exactly the same as the data before it was escaped.
Heres the error i'm getting:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ØT rwO L8',' ?J8 I-M'ÿ́ ','john.doe@hot ' at line 1
The mysql_real_esca pe_string function solved my problem, thanks again!
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Matt McKay |
last post by:
I've written a php page which allows users to type in a text string and a
key, then choose from a dropdown menu of encryption/decryption cyphers, and
a method (encrypt, decrypt).
The whole thing works, except the mcrypt command doesn't work.
here is my mcrypt command:
if ($method == 0) {
//Encrypt
$output = mcrypt_ecb ($algorithm, $key, $input, MCRYPT_ENCRYPT);
|
by: Marek Muszak |
last post by:
Hello,
I try use mcrypt but I want to use key in bytes, not in string. Encrypt
text will be decrypt in Delphi with function where key is 16byte not string.
How can I do this.
Thanks for any help.
best regards
|
by: William Holroyd |
last post by:
So I've got PHP to recognize mcrypt and pdflib in the phpinfo() output, but
trying to use any of the functions fail with "...undefined function
called..". There aren't any configurable files with either distro and
neither mention php.ini settings need to be made. Restarting the apache
server does not fix this and no errors are reported while starting.
The most recent stable releases Apache 2.0.49 and PHP 4.3.6 are being used
with mcrypt...
|
by: BKDotCom |
last post by:
I'm writing an app that will use blowfish encryption..
PHP's mcrypt will be used if available.
if not, I'll use PHPmyadmin's blowfish.php library.
The problem is I can't figure out what initialization vector
blowfish.php is useing (or if that's even my problem).
ie, if I encrypt with blowfish.php and decrypt with mcrypt:
/* include path to phpmyadmin '/libraries/blowfish.php'; */
$secret = 'secret';
|
by: believein |
last post by:
Hi all,
I installed PHP thru the XAMPP package on my windows machine.
The problem, I couldn't solve, is that the mcryppt funcs don't work.
It return the following message:
Call to undefined function mcrypt_decrypt() ...
If I write a
<?php
echo ***";
| |
by: laredotornado |
last post by:
Hello, My hosting company does not support the PHP mcrypt functions.
Instead, they recomend using the command line, /usr/local/bin/mcrypt
utility via PHP's exec method. Sadly, they do not provide any
documentation how to do this. How would i translate the following
function encryptString($p_str)
{
$iv_size = mcrypt_get_iv_size(MCRYPT_XTEA,
MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
|
by: sylvian stone |
last post by:
Hi,
I'm getting some strange errors that I cannot pin down:
Warning: mcrypt_generic_init(): Iv size incorrect; supplied length: 7,
needed: 8 in......
This is strange because the data is encrypted, inserted into the
databse, then later retrieved and decrypted with the necessary hash and
ivector keys.
|
by: codearcher |
last post by:
I have the latest version of XAMPP installed on Windows XP Pro SP2. I
am trying to use mcrypt with rijnndael-128 on ecb:
"
$cr = mcrypt_module_open('rijndael-128','','ecb','') or
die('<br><br>Could not open Module<br><br>');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($cr), MCRYPT_RAND)
or die('<br><br>Could not create iv<br><br>');
mcrypt_generic_init($cr, $key, $iv) or die('<br><br>Could not
initialize mcrypt<br><br>');
$remix =...
|
by: E. Recio |
last post by:
Long story short. I want to use Mac OS/X and PHP. I have a db with
passwords stored under Linux using the crypt("foo", "$1$".$salt."$);
scheme. This means that crypt should execute a CRYPT_MD5 password hash.
I know that Mac OS/X only supports the two DES'. So is there a way I can
use mcrypt, or mhash or ANY library to reproduce php's CRYPT_MD5 crypt()
call?
I don't really have a choice to use another password hash scheme, as the
data is...
|
by: =?UTF-8?Q?Ahmad_=E3=8B=A1_Baitalmal?= |
last post by:
Hi,
I'm having a hard time getting python-mcrypt extension to build.
I installed libmcrypt with --prefix=/usr and I checked that the
library exists
-rwxr-xr-x 1 root wheel 352K Sep 19 16:53 /usr/lib/libmcrypt.
4.4.8.dylib*
lrwxr-xr-x 1 root wheel 21B Sep 19 16:53 /usr/lib/libmcrypt.
4.dylib@ -libmcrypt.4.4.8.dylib
lrwxr-xr-x 1 root wheel 21B Sep 19 16:53 /usr/lib/
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, well explore What is ONU, What Is Router, ONU & Routers main usage, and What is the difference between ONU and Router. Lets take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development projectplanning, coding, testing, and deploymentwithout human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |