Decrypting certain fields from a MySQL database using PHP

Time: 2013-12-25 10:52:02

Tags: php mysql sql encryption

I have this PHP script

<?php
// Assume this is the key, declared as variable $cipherKey in the file cipherkey.php.
include ('cipherkey.php');
class Cipher {
    private $passKey;
    private $iv;

    function __construct( $inputKey ) {
        $this->passKey = hash( 'sha256', $inputKey, true );
        $this->iv = mcrypt_create_iv( 32 );
    }

    function encryptThis( $inputText ) {
        $cipher = mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $this->passKey,$inputText,  MCRYPT_MODE_ECB, $this->iv );
        $encrypted = base64_encode( $cipher );
        return $encrypted;
    }

    function decryptThis( $inputText ) {
        $decipher = mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $this->passKey, base64_decode( $inputText ), MCRYPT_MODE_ECB, $this->iv );
        $decrypted = trim( $decipher );
        return $decrypted;
    }
}

?>

This script is used to encrypt certain fields in a MySQL database, like this:

if( isset( $prescRequester, $patientName, $patientDOB, $contactPhone, $medType1, $medType1_dose, $medType1_freq, $pharmacyName, $pharmacyPhone ) ) {
$prep = $db->prepare(
    "INSERT INTO renal_prescRequest(
        date,
        prescRequester,
        patientRelationship,
        patientName,
        patientDOB,
        contactPhone,
        contactEmail,
        physician,
        medProvider,
        medType1,
        medType1_dose,
        medType1_freq,
        medType2,
        medType2_dose,
        medType2_freq,
        medType3,
        medType3_dose,
        medType3_freq,
        ninetyDaySupply,
        pharmacyName,
        pharmacyPhone,
        comments
    ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )
    ");
$prep->bind_param(
        'ssssssssssssssssssssss',
        $date,
        $cipher->encryptThis( $prescRequester ),
        $cipher->encryptThis( $patientRelationship ),
        $cipher->encryptThis( $patientName ),
        $cipher->encryptThis( $patientDOB ),
        $cipher->encryptThis( $contactPhone ),
        $cipher->encryptThis( $contactEmail ),
        $physician,
        $medProvider,
        $cipher->encryptThis( $medType1 ),
        $medType1_dose,
        $medType1_freq,
        $cipher->encryptThis( $medType2 ),
        $medType2_dose,
        $medType2_freq,
        $cipher->encryptThis( $medType3 ),
        $medType3_dose,
        $medType3_freq,
        $ninetyDaySupply,
        $pharmacyName,
        $pharmacyPhone,
        $comments
    );

$prep->execute();
$prep->close();

$db->close();
}

I am not the author of this code. But I am supposed to decrypt the encrypted fields. So I did something like this:

$cipher = new Cipher( $cipherKey );
// Escape the request parameter before it is placed in the SQL string.
$id = mysql_real_escape_string( $_GET['id'] );

$query = "SELECT * FROM renal_clinicalTrial WHERE id = '" . $id . "'";
$result = mysql_query( $query );
if ( !$result ) {
    die( "Unable to perform query" . mysql_error() );
}

while ( $row = mysql_fetch_array( $result ) ) {
    $firstname = $row['firstName'];
    $lastname = $row['lastName'];
    $address = $row['address'];
    $city = $row['city'];
    $state = $row['state'];
    $zipcode = $row['zipcode'];
    $email = $row['contactEmail'];
    $phone = $row['contactPhone'];
    $cipher->decryptThis( $firstname );
    $cipher->decryptThis( $lastname );
    $cipher->decryptThis( $address );
    $cipher->decryptThis( $city );
    $cipher->decryptThis( $state );
    $cipher->decryptThis( $zipcode );
    $cipher->decryptThis( $email );
    $cipher->decryptThis( $phone );
}

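When I display the fields in the browser, I get the encrypted data instead of the decrypted data. Is there something I am overlooking here? Thanks!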

1 answer:

Answer 0: (score: 1)

The Cipher decryptThis() method returns a value, so you need to assign the returned value

$firstname = $cipher->decryptThis($firstname);
.... etc

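Or modify the method to accept its argument by reference rather than by value (but this is not recommended, for the sake of keeping the calls consistent)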
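
The two options from the answer, side by side, as an added example that is not part of the original answer or the asker's code. Assumptions: the `Cipher` here is a stand-in built on OpenSSL AES-256-ECB (mcrypt was removed from PHP in 7.2) that mirrors the question's ECB call pattern, `decryptInPlace()` is a hypothetical name, and the key and row are constructed.

```php
<?php
// Stand-in for the question's Cipher class (assumption): mcrypt was removed in
// PHP 7.2, so OpenSSL AES-256-ECB mirrors the original ECB call pattern here.
class Cipher {
    private $passKey;
    function __construct( $inputKey ) {
        $this->passKey = hash( 'sha256', $inputKey, true );
    }

    function encryptThis( $inputText ) {
        return base64_encode( openssl_encrypt( $inputText, 'aes-256-ecb', $this->passKey, OPENSSL_RAW_DATA ) );
    }

    // Pass by value: the caller's variable is untouched, the plaintext is returned.
    function decryptThis( $inputText ) {
        return openssl_decrypt( base64_decode( $inputText ), 'aes-256-ecb', $this->passKey, OPENSSL_RAW_DATA );
    }

    // Hypothetical by-reference variant: overwrites the caller's variable.
    function decryptInPlace( &$inputText ) {
        $inputText = $this->decryptThis( $inputText );
    }
}

$cipher = new Cipher( 'constructed-demo-key' );
// Constructed row standing in for one mysql_fetch_array() result.
$row = array(
    'id'           => 7,
    'firstName'    => $cipher->encryptThis( 'Alice' ),
    'contactEmail' => $cipher->encryptThis( 'alice@example.test' ),
    'contactPhone' => $cipher->encryptThis( '555-0100' ),
);

// As in the question: the return value is discarded, so $row keeps the ciphertext.
$cipher->decryptThis( $row['firstName'] );
$stillEncrypted = ( $row['firstName'] !== 'Alice' );

// As in the answer: assign the result, and only for columns encrypted on insert.
foreach ( array( 'firstName', 'contactEmail' ) as $column ) {
    $plain = $cipher->decryptThis( $row[$column] );
    if ( $plain === false ) {
        die( "Could not decrypt column $column" );
    }
    $row[$column] = $plain;
}
$cipher->decryptInPlace( $row['contactPhone'] ); // by-reference alternative

printf( "discarded call left ciphertext: %s\n", var_export( $stillEncrypted, true ) );
echo htmlspecialchars( implode( ' | ', $row ) ), "\n"; // escape before sending to a browser
```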