Inserting Encrypted Data Into MYSQL DB From PHP

ideffect

Hi,

I am making a script that uses mcrypt to encrypt the data submitted from a user and inserts the data into a database. Everything works except the encrypted data won't submit into the database. It keeps coming up with this error message

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '´ó˜m<ßÍF×†½ÃaâF =tgFX]Oâª Ø¼ß–F[bé4}÷´ÙmdSá>M5<édèèåñûÄÄ' at line 1

I am assuming it has something to do with the quote signs into the encrypted data but I may be worng. What is the solution around this?

Thanks for the help!

Weedpacket

Assuming your diagnosis is correct:

RTFM: [man]mysql_real_escape_string[/man]

ideffect

Well, it inserted into the database but I think it inserted slashes inside the encrypted data which problably messed it up. I still have to test it. If you can think of anything else, let me know.

Thanks.

kburger

Weedpacket wrote:
Assuming your diagnosis is correct:

RTFM: [man]mysql_real_escape_string[/man]

You didn't RTFM, did you? stripslashes()

MarkR

Neither addslashes, nor stripslashes are functions which should ever be used for anything.

Addslashes does not correctly escape binary data in MySQL in all cases.

Stripslashes actually destroys information therefore should never be used.

mysql_real_escape_string is the right escaping function to use when sending binary (etc) data into MySQL. Data do NOT need to be unescaped when coming back out.

Ensure that magic_quotes_runtime and magic_quotes_gpc are always turned off. They are not magic and will definitely corrupt all of your data.

Mark