ansaurus

Question

Answer 1

+1 A:

Well, try this:

mysql> create table test(user varchar(100), password varchar(100));
Query OK, 0 rows affected (0.09 sec)

mysql> insert into test(user,password) values('patrick', AES_ENCRYPT('password', 'mykey'));
Query OK, 1 row affected (0.00 sec)

mysql> select * from test where user = 'patrick';
+---------+------------------+
| user    | password         |
+---------+------------------+
| patrick | fucked stuff     |
+---------+------------------+

mysql> update test set password = AES_ENCRYPT('new password', 'mykey') where user = 'patrick';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select AES_DECRYPT(password, 'mykey') from test where user = 'patrick';
+--------------------------------+
| AES_DECRYPT(password, 'mykey') |
+--------------------------------+
| new password                   |
+--------------------------------+

Patrick MARIE 2010-02-15 10:24:25

Well, when I wrote "fucked stuff", it is not really written this, but fucked stuff, like binary stuff printed to screen, it blows out your terminal :)

Patrick MARIE 2010-02-15 10:25:32

$query="update users set test=AES_ENCRYPT('newvalue', 'mykey') where id = '0'"; mysql_query($query) or die(mysql_error());The starting value the field is: START. After run the above query field will EMPTY. The field is VARCHAR 100, utf8_bin. Whats wrong?

Holian 2010-02-15 10:47:00

Are you sure it is empty or just unprintable (and you can not see it) ? Try "SELECT AES_DECRYPT(test, 'mykey') FROM users WHERE id = '0';" to verify it.

Patrick MARIE 2010-02-15 10:55:43

i look it in the phpmyadmin. its empty..(i try it with a query to...but its really empty..)

Holian 2010-02-15 12:04:46

i know its crazy..but it seems the problem is the string what i want to encode..if i try with your example then i get: in the database. Then i try with : fuck (sorry..im angry..) then i its empty..If i type: its a long long story..then i get : >

Holian 2010-02-15 12:38:11

somethig wrong with the string, or the "key" parameter...maybee Windows problem?

Holian 2010-02-15 17:07:03

maybe, I don't know. If you don't know how to resolv this one, you should consider using php's mcrypt+base64_encode/decode functions instead of AES_ENCRYPT/AES_DECRYPT in mysql.

Patrick MARIE 2010-02-15 17:47:22

after change field from VARCHAR to BOLB then its OK! Only i cant read it from PHP. IF i try from phpmyadmin then ok. But with this: $q=mysql_query("select AES_DECRYPT(test, 'mykey') from users where id='4'");$pe=mysql_fetch_array($q);$text=$pe["test"];echo $text;Echo is empty. If i query without Decrypt then echo the decoded text. Whats wrong with this PHP code?

Holian 2010-02-15 18:22:53

ooh..i got it. I have to "name it".....as test2 from users ...

Holian 2010-02-15 18:54:57

Answer 2

A:

The second code snippet does not assign the return value of AES_ENCRYPT to any column, thus your UPDATE syntax is incorrect. See http://dev.mysql.com/doc/refman/5.1/en/update.html .

If you want to store the encrypted data in a column named "info", your update statement at would be ... info=AES_ENCRYPT( ...

The third code snipped is not valid because you're trying to evaluate a function named AES_ENCRYPT in PHP. Most likely there is no such function in your PHP environment, so the PHP interpreter aborts with an error.

Daniel M. 2010-02-15 10:26:00

Answer 3

A:

`$query="update users set (test='".$_POST['info']."',  test_encrypted = AES_ENCRYPT('".$_POST['info']."', 'secretkey') ) where name='".$_SESSION['user']."'";
 mysql_query($query) or die(mysql_error());`

If you want to encrypt sql query entirely, use ssl support on server, not in php client-side.

shuvalov 2010-02-15 10:26:43

ansaurus

tags:

views:

answers:

Storing information ecoded in mysql

related questions