Link to home
Start Free TrialLog in
Avatar of bookedy
bookedy

asked on

Encode mysql entry

Hi,

I use Dreamweaver and I like using their mysql recordsets (I know i should learn proper mysql but this is easier).

I want to encrypt all the information that is to be submited however I can't seem to figure it out. Can someone show me how to encode all the entries in the code below without changing too much of the code below?

It needs to be two-way encode. I think I need to use AES_ENCRYPT but willing to take any suggestion.

Thanks!

<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) {
  $insertSQL = sprintf("INSERT INTO creditcards (bookingid, cardholdername, address1, address2, town, postcode, cardnumber, validfrommonth, validfromyear, expirymonth, expiryyear, issuenumber, cvc, cardtype, dateadded, status) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['bookingid'], "int"),
                       GetSQLValueString($_POST['cardholdername'], "text"),
                       GetSQLValueString($_POST['address1'], "text"),
                       GetSQLValueString($_POST['address2'], "text"),
                       GetSQLValueString($_POST['town'], "text"),
                       GetSQLValueString($_POST['postcode'], "text"),
                       GetSQLValueString($_POST['cardnumber'], "text"),
                       GetSQLValueString($_POST['validfrommonth'], "text"),
                       GetSQLValueString($_POST['validfromyear'], "text"),
                       GetSQLValueString($_POST['expirymonth'], "text"),
                       GetSQLValueString($_POST['expiryyear'], "text"),
                       GetSQLValueString($_POST['issue'], "text"),
                       GetSQLValueString($_POST['cvc'], "text"),
                       GetSQLValueString($_POST['cardtype'], "text"),
                       GetSQLValueString($_POST['dateadded'], "date"),
                       GetSQLValueString($_POST['status'], "int"));

  mysql_select_db($database_bookedy, $bookedy);
  $Result1 = mysql_query($insertSQL, $bookedy) or die(mysql_error());

  $insertGoTo = "step4.php?id=" . $row_booking['bookingid'] . "";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}
?>

Open in new window

SOLUTION
Avatar of onemadeye
onemadeye
Flag of Indonesia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of bookedy
bookedy

ASKER

Hi!

I seem to have been able to get the information encrypted - now my problem is the decrypting.

I have the below script which i believe works as i have tested it in mysql however when i try to echo the result, I just get nothing.

mysql_select_db($database_bookedy, $bookedy);
$query_ccinfo = sprintf("SELECT creditid, bookingid, cardholdername, address1, address2, town, postcode, country, AES_DECRYPT(cardnumber,'passwordprotect') AS unencrypted, validfrommonth, validfromyear, expirymonth, expiryyear, issuenumber, cvc, cardtype, dateadded, datetobedeleted, status, adminnotes FROM creditcards WHERE creditid = '15'");

<?php echo $row_ccinfo['cardnumber']; ?>

I think the error is simply coming from the echo. If i echo any of the other information, it works fine. Any ideas?

Thanks!
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial