PHP syntax for AES_ENCRYPT MYSQL

I am sending data to my server which I want to ,AES_ENCRYPT ... I tried to insert it like below but nothing shows up in the Database ... doesn't throw and err just does not record the data ... to check I retrieve the data and the Columns are empty ... what am I doing wrong ?


$key = ($_POST['Key']);
$Incident = mysql_real_escape_string($_POST['Incident']);
$ First_Name = mysql_real_escape_string($_POST[' First_Name']);
$Last_Name = mysql_real_escape_string($_POST['Last_Name']);

$sql="INSERT INTO $tbl_name(Incident, Last_Name, First_Name)VALUES('$Incident', '$Ic_number', AES_ENCRYPT('$Last_Name','$key') ,AES_ENCRYPT('$First_Name','$key'))";

Open in new window


and while I'm asking what is the syntax for updating a record

      
$sql="UPDATE $tbl_name 
	SET Last_Name='".$Last_Name."', First_Name='".$First_Name."', 
	WHERE Incident='".$Incident."'

Open in new window

dolamitejenkinsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
On the second part of the question, this is how I would write it, assuming that all of the variables in the query have been properly escaped.  You might want a LIMIT clause.

$sql = <<<EOD
UPDATE $tbl_name 
SET Last_Name='$Last_Name', First_Name='$First_Name'
WHERE Incident='$Incident'
EOD;

echo $sql;

Open in new window

0
Ray PaseurCommented:
On the first part of the question, the PHP script contains a parse error, so it will not run at all.  I might rewrite it a bit more like this:

$key = $_POST['Key'];
$Incident   = mysql_real_escape_string($_POST['Incident']);
$First_Name = mysql_real_escape_string($_POST[' First_Name']);
$Last_Name  = mysql_real_escape_string($_POST['Last_Name']);

$sql="INSERT INTO $tbl_name (Incident, Last_Name, First_Name) VALUES ('$Incident', '$Ic_number', AES_ENCRYPT('$Last_Name','$key') ,AES_ENCRYPT('$First_Name','$key'))";

Open in new window

How are you checking to ensure that the value in $_POST['key'] is usable?  Where is $Ic_number defined?  How are you testing to see if the query works or fails?  Hint: It will fail because the number of columns and values are mismatched.
0
dolamitejenkinsAuthor Commented:
Sorry the code works perfectly without the encryption ... I tried to chop my code down to a managable size which created errors that I don't have ... this code works perfectly without the AES encryption... but here it the whole thing
 // Insert record
	$sql="INSERT INTO $tbl_name(Incident, Ic_number, Last_Name, First_Name, Age, Gender, Address, City, State, Zip, Ailment, Treatment, Patient_reprt, Initial_contact, Hospital, Destination, Inservice ,Loi, Coas, Mobility, Provider_1, Provider_2,VenueEvent, Sys,Dia,Pulse, Resp, Weather, Temp, Humid, Wind, TimeStamp, Refusal, image)VALUES('$Incident', '$Ic_number', AES_ENCRYPT('$Last_Name','$key') ,AES_ENCRYPT('$First_Name','$key'), '$Age','$Gender', '$Address','$City','$State','$Zip','$Ailment', '$Treatment','$Patient_reprt','$Initial_contact','$Hospital', '$Destination', '$Inservice','$Loi','$Coas','$Mobility', '$Provider_1', '$Provider_2','$VenueEvent', '$Sys', '$Dia','$Pulse','$Resp','$Weather','$Temp','$Humid','$Wind','$TimeStamp','$Refusal','$image')";

Open in new window




$sql="UPDATE $tbl_name 
	SET Last_Name='".$Last_Name."', First_Name='".$First_Name."', Age='".$Age."',Gender='".$Gender."', Address='".$Address."', City='".$City."',State='".$State."', Zip='".$Zip."', Ailment='".$Ailment."',Treatment='".$Treatment."', Patient_reprt='".$Patient_reprt."', Initial_contact='".$Initial_contact."',Hospital='".$Hospital."', Destination='".$Destination."',Inservice='".$Inservice."' ,Loi='".$Loi."',Coas='".$Coas."',Mobility='".$Mobility."', Provider_1='".$Provider_1."', Provider_2='".$Provider_2."',VenueEvent='".$VenueEvent."',Sys='".$Sys."', Dia='".$Dia."', Pulse='".$Pulse."',Resp='".$Resp."', Weather='".$Weather."', Temp='".$Temp."',Humid='".$Humid."', TimeStamp='".$TimeStamp."',Refusal='".$Refusal."', image='".image."'
	WHERE Incident='".$Incident."' AND  Ic_number='".$Ic_number."'";

Open in new window

only a sample of the POST

$key = ($_POST['Key']);
$Incident = mysql_real_escape_string($_POST['Incident']);
$Ic_number = mysql_real_escape_string($_POST['Ic_number']);
$Last_Name = mysql_real_escape_string($_POST['Last_Name']);
$First_Name = mysql_real_escape_string($_POST['First_Name']);
$Age = mysql_real_escape_string($_POST['Age']);
$Gender = mysql_real_escape_string($_POST['Gender']);
$Address = mysql_real_escape_string($_POST['Address']);
$City = mysql_real_escape_string($_POST['City']);
$State = mysql_real_escape_string($_POST['State']);

Open in new window

0
C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Ray PaseurCommented:
This INSERT and UPDATE query do not look anything like the queries posted with the question!  Where did all these extra fields come from?

I think we need you to create the SSCCE and post it here so we can start working on the same code and data that you really have.  A good way to do this would be to create the tables, load the data, and then show us the queries that mutate the data.  Once we have that part of it, we can try to show you the changes needed to get it all working correctly.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dolamitejenkinsAuthor Commented:
I tried to explain the first is a cut down sample of my code ... the second posting  is the actual full length code that works perfectly until I try to encrypt it
0
dolamitejenkinsAuthor Commented:
I figured it Out ... to see it in  encrypted data I had to change the column to Binary or varbinary
0
Ray PaseurCommented:
@dolamitejenkins: Please see the grading guidelines here:
http://support.experts-exchange.com/customer/portal/articles/481419

You owe us an explanation of why you gave the worst possible grade anyone can give at EE.  In this case, you were asked for the SSCCE and you did not provide it.  So you should not have closed the question at all!

The correct way to handle this question is to post the solution, and accept your own comment as the answer, not to give a bad grade to others who are trying to help you.

And really, learn about the SSCCE -- it will help you get answers if you just use the process!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.