0

I am trying to store some data in a mysql database through a php script. The data that I am trying to store is encrypted and so this means that it stores something like this:

'$ñŠN4Åßv4ñ•ÜÅصÙÜqÚö4Þ§ƒÑìèêù¬a+µºeN¶†)‰ož¥´™³¯BâPqt‡š3ÊØyGyŠí!¬‚ƒý`,È-SFn­…,˜EïÕ¬_¯ ÛÆ1y©aœ«#˜¼öe÷·2,¢‹éUËx‰0ý`ΪÄÅŒ1²ljìí -{6“6{Êܤ^3ùˆ-G¹'

However, when I try to construct my query, I get an error connecting to the database as these encrypted values sometimes have quotation marks (' or ") and commas meaning that the query is wrongly interpreted.

Is there a way that I can ignore the commas and quotes in this data so that my query is properly interpreted and so a value like the one above can be stored?

Many Thanks.

(My query works when I simply put in plaintext and no encrypted data)

Onglo
  • 181
  • 1
  • 11

3 Answers3

1

You can simply do a mysql escape which escapes special characters in a string for use in an SQL statement.

Eg..

<?php
$con=mysqli_connect("localhost","my_user","my_password","my_db");

$encrypted = mysqli_real_escape_string($con, $encryptedText);

$sql="INSERT INTO table (columnName) VALUES ($encrypted)";

mysqli_query($con,$sql);

?>
Kervon Ryan
  • 684
  • 1
  • 10
  • 20
0

I am thinking if that is how your data looks, you could declare the data type of your table's column to be a blob then if you are using PHP you could use pdo functions to do CRUD in your MySQL database. I hope this helps.

Joseph
  • 789
  • 1
  • 9
  • 23
0

Using prepared statements is the best way to go in my opinion but you should learn about escaping too, it is something you should know.

Prepared statements are easy, basically 

SELECT something FROM somewhere WHERE this = :that

bind('that', $val)

You should look into PDO, this will help https://phpdelusions.net/pdo

thor
  • 21,418
  • 31
  • 87
  • 173
Jason Stephenson
  • 210
  • 1
  • 8