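On my website I let users fill in a form, where the user will enter
- 15 text inputs
- 5 images
I am storing the form information in an SQL database, and to prevent SQL injection I have followed all the methods given here. What I need now is to encrypt the form information before storing it in the SQL database; I need all user information to be encrypted and stored in the database.
I am using another approach on my website where the user information is retrieved on one page, so on this page I need to decrypt all the information and display it.
As I am new to web languages, can someone help me with how to do the encryption and decryption on the fly?
Encrypting my form values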
try {
#connection
$conn = new PDO('mysql:host=localhost;dbname=localtest', $db_username, $db_password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$data = $conn->prepare('INSERT INTO agriculture (cacat, mtype, mtitle, image1, image2, image3, image4, image5, description, mcondition, cmodel, price, youare, mname, email, phone, ylocation, ystreet) VALUES (:cacat, :mtype, :mtitle, :image1, :image2, :image3, :image4, :image5, :description, :mcondition, :cmodel, :price, :youare, :mname, :email, :phone, :ylocation, :ystreet)');
$cacat = filter_input(INPUT_POST, 'cacat', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$mtype = filter_input(INPUT_POST, 'mtype', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$mtitle = filter_input(INPUT_POST, 'mtitle', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$description = filter_input(INPUT_POST, 'description', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$mcondition = filter_input(INPUT_POST, 'mcondition', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$cmodel = filter_input(INPUT_POST, 'cmodel', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$price = filter_input(INPUT_POST, 'price', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$youare = filter_input(INPUT_POST, 'youare', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$mname = filter_input(INPUT_POST, 'mname', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$phone = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$ylocation = filter_input(INPUT_POST, 'ylocation', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$ystreet = filter_input(INPUT_POST, 'ystreet', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$data->execute(array(
':cacat' => $cacat,
':mtype' => $mtype,
':mtitle' => $mtitle,
':image1' => $file1,
':image2' => $file2,
':image3' => $file3,
':image4' => $file4,
':image5' => $file5,
':description' => $description,
':mcondition' => $mcondition,
':cmodel' => $cmodel,
':price' => $price,
':youare' => $youare,
':mname' => $mname,
':email' => $email,
':phone' => $phone,
':ylocation' => $ylocation,
':ystreet' => $ystreet,
));
} catch (PDOException $e) {
// Log the error on the server instead of showing database details to the user
error_log($e->getMessage());
}
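You can do it using mcrypt; check out the following code and you may get the idea. All you have to do is encrypt the record when you insert/update it, and decrypt the record when you retrieve it.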
<?php
/*
* PHP mcrypt - Basic encryption and decryption of a string
* Note: the mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2.
*/
$string = "Some text to be encrypted";
// mcrypt on PHP 5.6+ only accepts keys of 16, 24 or 32 bytes, so hash the passphrase to 32 bytes.
$secret_key = hash('sha256', "This is my secret key", true);
// Create the initialization vector for added security (sized for the same mode used below).
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
// Encrypt $string
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $string, MCRYPT_MODE_CBC, $iv);
// Decrypt $string
$decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $encrypted_string, MCRYPT_MODE_CBC, $iv);
echo "Original string : " . $string . "<br />\n";
echo "Encrypted string : " . $encrypted_string . "<br />\n";
echo "Decrypted string : " . $decrypted_string . "<br />\n";
?>
What you can do is create a class for encryption and decryption
class Security{
private $secret_key;
private $iv;
public function __construct()
{
// Must be 16, 24 or 32 bytes long on PHP 5.6+
$this->secret_key = "your key";
// The IV is created once per object; decrypt() only works with the IV that encrypt() used
$this->iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
}
public function encrypt($string)
{
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->secret_key, $string, MCRYPT_MODE_CBC, $this->iv);
return $encrypted_string;
}
public function decrypt($encryptedString)
{
$decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->secret_key, $encryptedString, MCRYPT_MODE_CBC, $this->iv);
return $decrypted_string;
}
}
For AES encryption you can refer to this tutorial
http://aesencryption.net/
You can use Cipher.
You will need the following code to encrypt your form data
require 'Cipher.php';
// First init the class by calling the constructor
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');
// Loop through POST, an array containing your input values
foreach ($_POST as $key => $value) {
$_POST[$key] = $cipher->encrypt($value);
}
After that, your $_POST will contain the encrypted form values.
Or simply encrypt a single value:
require 'Cipher.php';
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');
$inputValue = "This is your input value";
$output = $cipher->encrypt($inputValue);
Decrypt the output:
require 'Cipher.php';
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');
$decrypted = $cipher->decrypt($output);
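An added example, not part of any answer above and not the mcrypt or Cipher.php code they use: field encryption for the form in the question using PHP's OpenSSL extension with AES-256-GCM (a swapped-in technique, since mcrypt was removed in PHP 7.2). It stores a fresh nonce with every value so a later request on the display page can decrypt it, and binds each ciphertext to its column name. The function names and the `FORM_ENC_KEY` environment variable are hypothetical.

```php
<?php
// Added example (hypothetical helper names). The key is 32 random bytes kept
// outside the code and the database; FORM_ENC_KEY is an assumed variable name.
function load_key(): string
{
    $key = base64_decode((string) getenv('FORM_ENC_KEY'), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('FORM_ENC_KEY must be 32 bytes, base64-encoded');
    }
    return $key;
}

// Returns base64(nonce || tag || ciphertext), safe for a TEXT/VARCHAR column.
function encrypt_field(string $plain, string $column, string $key): string
{
    $nonce = random_bytes(12);   // fresh nonce for every value, never reused
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $column);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Throws if the value was modified, moved to another column, or the key is wrong.
function decrypt_field(string $stored, string $column, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), $column);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Constructed demo: a throwaway key stands in for load_key().
$key = random_bytes(32);
$stored = encrypt_field('farmer@example.com', 'email', $key);   // bind as :email
echo decrypt_field($stored, 'email', $key), "\n";               // on the display page
try {
    decrypt_field($stored, 'phone', $key);   // same bytes read back as another column
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Encrypted columns can no longer be searched or sorted in SQL, so encrypt only the fields that need it, and size those columns for the base64 output, which is longer than the plaintext.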