I have field 'groupname' encrypted in my db table and would like to decrypt it for search results using the following
$group = openssl_decrypt($row2[groupname], $method, $key); but along the way something is failing and the profile heading doesn't display at all. The field ''groupname' populates search results in a search field as you type it in the search box.


    if(isset($_REQUEST["term"])){ 
    $queryg = "SELECT * FROM table WHERE groupname LIKE ? AND identify = 2 AND reg = 1";  
    
if($stmt = mysqli_prepare($con, $queryg)){ // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "s", $param_term); // Set parameters $param_term = '%' . $_REQUEST["term"] . '%'; // Attempt to execute the prepared statement if(mysqli_stmt_execute($stmt)){ $result = mysqli_stmt_get_result($stmt); // Check number of rows in the result set if(mysqli_num_rows($result) > 0){ echo '<p class="resulthead">Profiles</p>'; // Fetch result rows as an associative array while($row2 = mysqli_fetch_array($result, MYSQLI_ASSOC)){ echo "<p><a href=\"/public/" . $row2["memberid"] . "/" . openssl_decrypt($row2[groupname], $method, $secret_key) . "\">" . openssl_decrypt($row2[groupname], $method, $secret_key) . "</a></p>"; } } } else{ echo "ERROR: Could not able to execute $sql. " . mysqli_error($con); } } // Close statement mysqli_stmt_close($stmt); } // close connection mysqli_close($con); ?>

If groupname is encrypted in the DB, then if you want to search against it in a query, the search term will need to be encrypted the same way, too; and you'll only be able to get the same encrypted value if it is the full string ()therefore using like makes no sense to me). Or, I'm misunderstanding what you are doing?

Assuming I'm right, then if(mysqli_num_rows($result) > 0){ will always be false.

NogDog Running queries on encrypted data can be tricky. Just because $needle as a substring of $haystack, that does not guarantee that encrypt($needle) is a substring of encrypt($haystack).

crawdidly openssl_decrypt($row2[groupname], $method, $secret_key)

There also looks like there could be some "Undefined constant" warnings going on, and @crawdidly is still using PHP 7. But maybe that's some sort of anonymisation slip-up (like having a table named "table").

Also want to point out that there's nothing "asychronous" about any of this.

    I named the field wrong in the search query statement, and also I had to add full text index to the db field.

      Write a Reply...