Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 534
  • Last Modified:

Modify form variable before submit in PHP

Although this may not be necessary, and please explain if this is the case, I'm trying to encrypt a password
string before sending the value through to the processing page to insert into the database on new user registration.

I would like to do this as a security measure so in the form POST between the pages the password input field
value is already encrypted.

Question.  Can I call the encryption function (this part works) in the form before POST and send the encrypted string
to the POST variable instead of the plain text password?  The encryption routine I would like to call before post is a PHP
  • 3
1 Solution
No. PHP is a server side language, so you can't run any code between page generation and receiving the form.  You could use a client-side method, such as Javascript, with all the security and compliance issues that go along with that.

However, you can encrypt the contents of the form data before you put it in the database.  Someone would have to intercept the form submission or modify your scripts to steal the password.
Why don't you just use SSL  and then not worry about encrypting within the actual pages.

trying to do encryption that is reversable in javascript really ins't a good idea since the code you use to encrypt is available.  I mean if you can md5 encrypt stuff then pass it over but its pretty useless to you that way since you can't decrypt it at that point.  

What type of information are you trying to encrypt before you post it to the next page?
here is a javascript md5 encryption function if you want to use that to encrypt before you submit your form


Hope that helps you out if you decide to use the javascript method instead of securing with SSL.

if you were just asking how to call the function on post then here it is.

instead of using and submit button do this:

<form name="formname">
<input name="newsubmitbutton" type = "button" onclick=  "alterpassword();" value="Sign up">

function alterpassword()
      document.formname.passwordbox.value = md5encryptfunction(document.formname.passwordbox.value);
Try this,

echo "Registration page";

echo "<script lang='javascript>function cryptt(){".
 "document.register.pwd.value = \"".encrypt($_GET['pwd'])."\";   document.register.submit();".

addUser($database, $host, $db_user, $db_pass, $_GET['user'], $_GET['pwd']);
<form name=register action="register.php">
      <input type=text name=user>
      <input type=password name=pwd value="" >
      <input type=button name=sub value=ok onclick="cryptt()">
function encrypt($string) {//hash then encrypt a string
    $crypted = crypt(md5($string), md5($string));
    return $crypted;

function addUser($database, $host, $db_user, $db_pass, $username, $password) { //add user to table logins
    $linkID = mysql_connect($host, $db_user, $db_pass);
    mysql_select_db($database, $linkID);
    $password = encrypt($password);
    $username = encrypt($username);
    mysql_query("insert into logins values ('$username', '$password')", $linkID);

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now