0

I have a variable which has to be encrypted and after that saved to the database via mysqli prepared statement. I use AES-256-CTR. 

$tabvar = openssl_encrypt($final, $encryptionMethod, $secret, OPENSSL_RAW_DATA, $iv);

After the encryption the result looks like this: 5œœ¼Ç=áüû;€é?

This is my php insert code:

$ins = mysqli_prepare($db, "INSERT INTO tab (tid, tabvar) VALUES (?,?)");
mysqli_stmt_bind_param($ins, "ss",$tid,$tabvar); mysqli_stmt_execute($ins);

Because the $tabvar consist of some very strange characters once encrypted, it doesn't get inserted in the database. If I change $tabvar to "i" the row get's inserted, but the entry under tabvar column is 0?

Does anyone have an idea how to solve this?

120382833
  • 123
  • 1
  • 10
  • That's because `openssl_encrypt()` with `OPENSSL_RAW_DATA` returns a binary string. – Magnus Eriksson Nov 02 '16 at 13:43
  • I changed it to "b" and the column to longblob, but it's still empty.. – 120382833 Nov 02 '16 at 13:45
  • 1
    Just encode it with `base64_encode($tabvar)` and store it as an ordinary string? – Magnus Eriksson Nov 02 '16 at 13:49
  • I would need a better encryption than base64_encode.. That's why I am using the above-mentioned solution. – 120382833 Nov 02 '16 at 13:51
  • But the question remains why is the entry row empty on tabvar column.. I have tried varbinary now and it's the same. Could be the lenght issue? – 120382833 Nov 02 '16 at 13:53
  • 1
    I meant that you could encode the binary result from `openssl_encrypt()` with base64... or convert it with `bin2hex($tabvar)`. I didn't mean that you should use it instead... :) – Magnus Eriksson Nov 02 '16 at 13:53
  • Sofar it get's inserted into the DB as well as restored and decrypted.. Will report if anything is malfunctioning. Thanks.. You were really helpful :) – 120382833 Nov 02 '16 at 14:06

0 Answers0