
On my website, users fill in a form in which they enter:

  • 15 text input
  • 5 images

I am storing the form information in an SQL database, and to protect against SQL injection I followed all the methods given here. What I need now is to encrypt the form information before storing it, so that all user information is held in the database in encrypted form.

Elsewhere on my website the user information is retrieved on one page, so on that page I need to decrypt all the information and display it.

Since I am new to web languages, can someone help me with how to do encryption and decryption on the fly?

Encrypt my form values:

try {
# Open the database connection. $db_username and $db_password are defined
# outside this excerpt, and no catch block or closing brace for this try is
# visible in it.
    $conn = new PDO('mysql:host=localhost;dbname=localtest', $db_username, $db_password);
    # Report database errors as exceptions (PDOException) rather than return codes.
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    # Prepared statement with named placeholders: the values are bound at
    # execute() and are never concatenated into the SQL text, which is what
    # protects this INSERT against SQL injection.
    $data = $conn->prepare('INSERT INTO agriculture (cacat, mtype, mtitle, image1, image2, image3, image4, image5, description, mcondition, cmodel, price, youare, mname, email, phone, ylocation, ystreet) VALUES (:cacat, :mtype, :mtitle, :image1, :image2, :image3, :image4, :image5, :description, :mcondition, :cmodel, :price, :youare, :mname, :email, :phone, :ylocation, :ystreet)');
    # Read each text field from POST. FILTER_SANITIZE_STRING strips tags and
    # FILTER_FLAG_ENCODE_AMP encodes "&"; the filter is deprecated as of
    # PHP 8.1. It alters the text that gets stored and is not what prevents
    # SQL injection here (the bound parameters do that).
    $cacat = filter_input(INPUT_POST, 'cacat', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $mtype = filter_input(INPUT_POST, 'mtype', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $mtitle = filter_input(INPUT_POST, 'mtitle', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $description = filter_input(INPUT_POST, 'description', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $mcondition = filter_input(INPUT_POST, 'mcondition', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $cmodel = filter_input(INPUT_POST, 'cmodel', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $price = filter_input(INPUT_POST, 'price', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $youare = filter_input(INPUT_POST, 'youare', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $mname = filter_input(INPUT_POST, 'mname', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $phone = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $ylocation = filter_input(INPUT_POST, 'ylocation', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    $ystreet = filter_input(INPUT_POST, 'ystreet', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
    # NOTE(review): a field that must be stored encrypted would be encrypted
    # at this point, after input filtering and before execute(), and decrypted
    # again after it is read back with SELECT.
    # $file1..$file5 are set outside this excerpt. NOTE(review): the five image
    # keys omit the leading ":" that the other keys carry; confirm the PDO
    # driver in use accepts both forms, or make them consistent.
    $data->execute(array(':cacat' => $cacat,
        ':mtype' => $mtype,
        ':mtitle' => $mtitle,
        'image1' => $file1,
        'image2' => $file2,
        'image3' => $file3,
        'image4' => $file4,
        'image5' => $file5, ':description' => $description, ':mcondition' => $mcondition, ':cmodel' => $cmodel, ':price' => $price, ':youare' => $youare, ':mname' => $mname, ':email' => $email, ':phone' => $phone, ':ylocation' => $ylocation, ':ystreet' => $ystreet));
Community
creator

2 Answers


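You can do it with mcrypt; take a look at the following code to get the idea. When you insert or update a record, encrypt the values, and when you retrieve the record, decrypt them. Note that the mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2, so on current PHP versions the same encrypt-on-write, decrypt-on-read pattern has to be built on OpenSSL or libsodium instead.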

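<?php
/*
 * PHP OpenSSL - Basic authenticated encryption and decryption of a string
 *
 * The mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2, so
 * the encrypt-on-write / decrypt-on-read flow is shown here with OpenSSL:
 * AES-256-CBC for confidentiality plus an HMAC-SHA256 tag, so that a modified
 * ciphertext is rejected before it is decrypted.
 */
$string = "Some text to be encrypted";

// Placeholder secret for the demo. In an application, generate the secret
// once with random_bytes(32) and load it from configuration kept outside the
// web root and version control; a human-chosen phrase is far easier to guess.
$secret_key = "This is my secret key";

// Derive separate fixed-length keys for encryption and authentication so the
// same bytes are never used for both purposes.
$enc_key = hash_hmac('sha256', 'encryption', $secret_key, true);
$mac_key = hash_hmac('sha256', 'authentication', $secret_key, true);

// Create the initialization vector: fresh CSPRNG output for every message,
// sized for the cipher and mode that are actually used below.
$cipher = 'aes-256-cbc';
$iv_length = openssl_cipher_iv_length($cipher);
$iv = random_bytes($iv_length);

// Encrypt $string. The IV and tag are not secret; they are stored with the
// ciphertext so the value can be decrypted in a later request. The result is
// base64-encoded so it fits a text column and prints cleanly.
$ciphertext = openssl_encrypt($string, $cipher, $enc_key, OPENSSL_RAW_DATA, $iv);
$tag = hash_hmac('sha256', $iv . $ciphertext, $mac_key, true);
$encrypted_string = base64_encode($iv . $tag . $ciphertext);

// Decrypt $string: split the stored value, verify the tag in constant time,
// and only then decrypt.
$raw = base64_decode($encrypted_string, true);
$stored_iv = substr($raw, 0, $iv_length);
$stored_tag = substr($raw, $iv_length, 32);
$stored_ciphertext = substr($raw, $iv_length + 32);
$expected_tag = hash_hmac('sha256', $stored_iv . $stored_ciphertext, $mac_key, true);
$decrypted_string = hash_equals($expected_tag, $stored_tag)
    ? openssl_decrypt($stored_ciphertext, $cipher, $enc_key, OPENSSL_RAW_DATA, $stored_iv)
    : false;

if ($decrypted_string === false) {
    exit("Decryption failed: value was modified or the key is wrong\n");
}

// Plaintext is escaped for the HTML context it is printed in.
echo "Original string : " . htmlspecialchars($string, ENT_QUOTES, 'UTF-8') . "<br />\n";
echo "Encrypted string : " . $encrypted_string . "<br />\n";
echo "Decrypted string : " . htmlspecialchars($decrypted_string, ENT_QUOTES, 'UTF-8') . "<br />\n";
?>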

You can also create a class for encryption and decryption:

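/**
 * Encrypts and decrypts strings for storage, e.g. in a database column.
 *
 * Uses OpenSSL (AES-256-CBC) with an HMAC-SHA256 tag instead of mcrypt, which
 * was deprecated in PHP 7.1 and removed in PHP 7.2. MCRYPT_RIJNDAEL_256 is
 * also not AES: AES is Rijndael with a 128-bit block.
 *
 * Each encrypted value carries its own random IV and its tag, so a value
 * written by one instance (one request) can be decrypted by another. With a
 * single IV created in the constructor and never stored, that is impossible.
 */
class Security
{
    const CIPHER = 'aes-256-cbc';
    const MAC_ALGO = 'sha256';
    const MAC_LENGTH = 32;

    /** Raw 32-byte key used only for encryption. */
    private $enc_key;

    /** Raw 32-byte key used only for the authentication tag. */
    private $mac_key;

    public function __construct()
    {
        // Placeholder secret. In an application, generate it once with
        // random_bytes(32) and load it from configuration kept outside the
        // web root and version control.
        $secret_key = "your key";

        // Separate keys so the same bytes never serve two purposes.
        $this->enc_key = hash_hmac(self::MAC_ALGO, 'encryption', $secret_key, true);
        $this->mac_key = hash_hmac(self::MAC_ALGO, 'authentication', $secret_key, true);
    }

    /**
     * Encrypts a string.
     *
     * @param string $string Plaintext to protect.
     * @return string base64 of IV . tag . ciphertext, safe for a text column.
     * @throws RuntimeException If OpenSSL cannot encrypt the value.
     */
    public function encrypt($string)
    {
        // A fresh IV per value keeps equal plaintexts from producing equal
        // ciphertexts.
        $iv = random_bytes(openssl_cipher_iv_length(self::CIPHER));
        $ciphertext = openssl_encrypt((string) $string, self::CIPHER, $this->enc_key, OPENSSL_RAW_DATA, $iv);
        if ($ciphertext === false) {
            throw new RuntimeException('Encryption failed');
        }

        // Encrypt-then-MAC: the tag covers the IV and the ciphertext.
        $tag = hash_hmac(self::MAC_ALGO, $iv . $ciphertext, $this->mac_key, true);

        return base64_encode($iv . $tag . $ciphertext);
    }

    /**
     * Decrypts a value produced by encrypt().
     *
     * @param string $encryptedString Value returned by encrypt().
     * @return string|false The plaintext, or false when the value is
     *                      malformed, was modified, or was made with another key.
     */
    public function decrypt($encryptedString)
    {
        $raw = base64_decode((string) $encryptedString, true);
        $iv_length = openssl_cipher_iv_length(self::CIPHER);
        if ($raw === false || strlen($raw) <= $iv_length + self::MAC_LENGTH) {
            return false;
        }

        $iv = substr($raw, 0, $iv_length);
        $tag = substr($raw, $iv_length, self::MAC_LENGTH);
        $ciphertext = substr($raw, $iv_length + self::MAC_LENGTH);

        // Verify before decrypting, in constant time, so modified input never
        // reaches the cipher.
        $expected = hash_hmac(self::MAC_ALGO, $iv . $ciphertext, $this->mac_key, true);
        if (!hash_equals($expected, $tag)) {
            return false;
        }

        return openssl_decrypt($ciphertext, self::CIPHER, $this->enc_key, OPENSSL_RAW_DATA, $iv);
    }
}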

For AES encryption you can refer to this tutorial:

http://aesencryption.net/

Anand Patel

You could use Cipher

You would need the following code to encrypt your form data

// Cipher.php is an external file that is not shown on this page.
// NOTE(review): before relying on it, confirm which cipher and mode it uses,
// that it creates a fresh random IV per value, and that it authenticates the
// ciphertext.
require 'Cipher.php';

// First init the class by calling the constructor.
// The passphrase is hard-coded here for illustration; presumably the same
// value has to be supplied again when decrypting. In an application, load it
// from configuration kept outside the web root and version control.
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');

// Loop through POST, an array containing your input values, and overwrite
// each entry with the return value of encrypt().
// NOTE(review): a $_POST entry is an array when the field name ends in [];
// confirm encrypt() copes with that, or skip non-string values.
foreach ($_POST as $key => $value) {
    $_POST[$key] = $cipher->encrypt($value);
}

After that your $_POST will contain the encrypted form values.

Or to simply encrypt one value:

// Load the Cipher class from Cipher.php (not shown on this page).
require 'Cipher.php';
// Hard-coded passphrase for illustration only; keep the real one in
// configuration outside version control.
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');
$inputValue = "This is your input value";
// $output holds whatever encrypt() returns.
// NOTE(review): confirm whether that is raw binary or text-encoded before
// choosing the database column type.
$output = $cipher->encrypt($inputValue);

To Decrypt the output:

require 'Cipher.php';
// Constructed with the same passphrase literal as in the encryption examples.
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');
// $output is the value produced by encrypt() earlier.
// NOTE(review): how decrypt() reports a wrong key or a modified ciphertext
// depends on Cipher.php; check its return value before displaying the result.
$decrypted = $cipher->decrypt($output);
Peter