
First, I have used aes_encrypt to encrypt the password


Then I have used aes_decrypt to decrypt the password


The issue is that when I try to echo out the data in a table using `<?php echo $row['pass'];?>`, there'll be an error

"Undefined index: pass in"

SQL insert

```sql
insert into username (userName,pass) values('$userName', aes_encrypt('$pass','k'))
```

SQL select

```sql
SELECT UserNameID,userName,aes_decrypt(pass,'k') from username
```

What went wrong?

epiphany
  • Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](https://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) – CBroe Dec 07 '17 at 08:33
  • Could you show us the SQL query? I suspect there is no "pass" alias in it (e.g. `aes_decrypt(pass, 'k') AS pass`). – vincenth Dec 07 '17 at 08:34
  • **Do not encrypt passwords**, when the attacker gets the DB he will also get the encryption key. Just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead use a function such as `PBKDF2`, `Rfc2898DeriveBytes`, `Argon2`, `password_hash`, `Bcrypt` or similar functions with about a 100ms duration. The point is to make the attacker spend a substantial amount of time finding passwords by brute force. – zaph Dec 07 '17 at 14:06
  • With PHP use [`password_hash`](http://php.net/manual/en/function.password-hash.php) and [`password_verify`](http://php.net/manual/en/function.password-verify.php), the pair are secure and easy to use. – zaph Dec 07 '17 at 14:07
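
The approach recommended in the comments above, as an added example that is not part of the original thread: the password is stored with `password_hash` and checked with `password_verify`, so nothing is ever decrypted or echoed back. It assumes the `pdo_sqlite` extension, with an in-memory SQLite table standing in for the MySQL `username` table; the function names `registerUser` and `checkLogin` are hypothetical.

```php
<?php
// Added example: an in-memory SQLite database stands in for the MySQL `username` table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE username (
    UserNameID INTEGER PRIMARY KEY,
    userName   TEXT UNIQUE NOT NULL,
    pass       TEXT NOT NULL   -- holds the password_hash() output (VARCHAR(255) in MySQL)
)');

// Hypothetical helper: store a new user with a slow, salted hash instead of AES ciphertext.
function registerUser(PDO $pdo, string $userName, string $password): void
{
    // password_hash() generates a random salt and embeds it, with the cost, in the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Bound parameters keep user input out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO username (userName, pass) VALUES (:u, :p)');
    $stmt->execute([':u' => $userName, ':p' => $hash]);
}

// Hypothetical helper: verify a login attempt against the stored hash.
function checkLogin(PDO $pdo, string $userName, string $password): bool
{
    $stmt = $pdo->prepare('SELECT UserNameID, pass FROM username WHERE userName = :u');
    $stmt->execute([':u' => $userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user
    }
    if (!password_verify($password, $row['pass'])) {
        return false; // wrong password
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($row['pass'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE username SET pass = :p WHERE UserNameID = :id');
        $upd->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['UserNameID']]);
    }
    return true;
}

// Constructed sample data.
registerUser($pdo, 'alice', 'correct horse battery staple');
var_dump(checkLogin($pdo, 'alice', 'correct horse battery staple'));
var_dump(checkLogin($pdo, 'alice', 'wrong guess'));
var_dump(checkLogin($pdo, 'nobody', 'anything'));
```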

2 Answers


Don't you need to use an alias here?

```sql
SELECT aes_decrypt(pass, 'k') AS pass_decrypted FROM ...
```

And then access it with

```php
echo $row['pass_decrypted'];
```

Luke Joshua Park

In your result set, the password column is named after the function used. All you need is to set an alias for that column, such as `aes_decrypt(pass,'k') as 'pass'`:

```sql
SELECT UserNameID, userName, aes_decrypt(pass,'k') as pass FROM username
```

Your PHP code expects the column 'pass' in the result set.

ino