php - mysqli function to store encrypted text -
i have gotten below code work , seems robust: works different languages (utf-8) , want store result in database. problem familiar old, outdated mysql statements , utilize mysqli. can point me simple yet secure function take input , store in database...and show me in code need add together it?
<?php /* * php 5.3.18 on windows xp * * don't have open_ssl active php used mcrypt_rand salt. * adequate exercise. * * encoded salt , encrypted output binary code have converted * output base64 encoding ensure html safe. * * selects appropriate default action in 'do' select list. * * there new 'salt' generated @ each encryption , user prevented * changing making display field 'readonly'. 'hidden' field'. * */ $isencrypted = null; // used set default output options // pre-declare script 'global' variables $key_size = mcrypt_get_key_size(mcrypt_rijndael_128, mcrypt_mode_cfb); $iv_size = mcrypt_get_iv_size(mcrypt_rijndael_128, mcrypt_mode_cfb); if($_post){ // have input... $encryption_key = $_post["key"]; $string = $_post["msg"]; // may base64 encoded... if($_post["do"]=="encrypt"){ $isencrypted = true; // used set defaults $iv = mcrypt_create_iv($iv_size, mcrypt_rand); // new salt each encryption $result = mcrypt_encrypt(mcrypt_rijndael_128, $encryption_key, $string, mcrypt_mode_cfb, $iv); $result = base64_encode($result); // $result binary encode html safe. }else{ $isencrypted = false; // used set defaults $iv = base64_decode($_post["iv"]); // current salt converted binary format $string = base64_decode($string); // convert encoded text binary string $result = mcrypt_decrypt(mcrypt_rijndael_128, $encryption_key, $string, mcrypt_mode_cfb, $iv); } }else{ // no input create useful... $isencrypted = false; // used set default actions $result = 'enter text encrypt...'; // sample text $iv = mcrypt_create_iv($iv_size, mcrypt_rand); // new salt $encryption_key = substr('testing!' . uniqid() . '!testing', 0, $key_size); } ?> <!doctype html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>test encryption base64 encoding.</title> </head> <body> <div class="main" id="main"> <!-- heading --> <strong><?php echo $isencrypted ? 'encrypted' : 'decrypted'; ?></strong><br/> <form method="post" action=""> <!-- not allow user alter salt setting 'readonly' --> <input type="text" value="<?php echo base64_encode($iv); ?>" readonly name="iv"/> <br/> <!-- supply suggested password user can alter --> <input type="text" value="<?php echo $encryption_key; ?>" name="key"/><br/> <!-- either show encoded text html safe string --> <!--- or show plain text --> <textarea name="msg" ><?php echo $result; ?></textarea><br/> <!-- set appropriate action default --> <select name="do"> <option <?php echo $isencrypted ? 'selected' : ''; ?>>decrypt</option> <option <?php echo $isencrypted ? '' : 'selected'; ?>>encrypt</option> </select><br/> <input type="submit" value="go"/> </form> </div> </body> </html>
you still writing 'old' mysql statements, because 'mysqli' improved driver (hence, "i") take advantage of features in mysql >= 4.1. considered 'dual procedural , object-oriented api'. instance, connect mysql db, either of following:
// mysqli, procedural way $mysqli = mysqli_connect('localhost','username','password','database'); // mysqli, object oriented way $mysqli = new mysqli('localhost','username','password','database'); you should @ pdo driver (php info objects), provides info access abstraction layer allowing code access many more dbms besides , including mysql.
php mysqli
No comments:
Post a Comment