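On my website, I allow users to submit forms.
I am storing the form information in a SQL database. To prevent SQL injection, I followed all the methods given here. What I need now is to encrypt the form information and store it in the SQL database; I need all user information to be stored encrypted in the database.
On my website I use another method: user notifications are retrieved on one page, so on that page I need to decrypt all the information and display it.
Since I am new to web languages, could someone help me with how to encrypt and decrypt on the fly?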
try {
#connection
$conn = new PDO('mysql:host=localhost;dbname=localtest', $db_username, $db_password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$data = $conn->prepare('INSERT INTO agriculture (cacat, mtype, mtitle, image1, image2, image3, image4, image5, description, mcondition, cmodel, price, youare, mname, email, phone, ylocation, ystreet) VALUES (:cacat, :mtype, :mtitle, :image1, :image2, :image3, :image4, :image5, :description, :mcondition, :cmodel, :price, :youare, :mname, :email, :phone, :ylocation, :ystreet)');
$cacat = filter_input(INPUT_POST, 'cacat', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$mtype = filter_input(INPUT_POST, 'mtype', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$mtitle = filter_input(INPUT_POST, 'mtitle', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$description = filter_input(INPUT_POST, 'description', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$mcondition = filter_input(INPUT_POST, 'mcondition', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$cmodel = filter_input(INPUT_POST, 'cmodel', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$price = filter_input(INPUT_POST, 'price', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$youare = filter_input(INPUT_POST, 'youare', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$mname = filter_input(INPUT_POST, 'mname', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$phone = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$ylocation = filter_input(INPUT_POST, 'ylocation', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$ystreet = filter_input(INPUT_POST, 'ystreet', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
$data->execute(array(
    ':cacat' => $cacat,
    ':mtype' => $mtype,
    ':mtitle' => $mtitle,
    ':image1' => $file1,
    ':image2' => $file2,
    ':image3' => $file3,
    ':image4' => $file4,
    ':image5' => $file5,
    ':description' => $description,
    ':mcondition' => $mcondition,
    ':cmodel' => $cmodel,
    ':price' => $price,
    ':youare' => $youare,
    ':mname' => $mname,
    ':email' => $email,
    ':phone' => $phone,
    ':ylocation' => $ylocation,
    ':ystreet' => $ystreet,
));
} catch (PDOException $e) {
    // Log the details server-side instead of showing them to the visitor.
    error_log($e->getMessage());
}
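Answer 0 (score: 0)
You can use mcrypt; have a look at the following code to get an idea. What you have to do is encrypt the record when you insert/update it, and decrypt the record when you retrieve it.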
<?php
/*
* PHP mcrypt - Basic encryption and decryption of a string
*/
$string = "Some text to be encrypted";
// mcrypt accepts only 16-, 24- or 32-byte keys, so hash the passphrase down to 32 bytes.
$secret_key = hash('sha256', "This is my secret key", true);
// Create the initialization vector for added security (sized for the CBC mode used below).
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
// Encrypt $string
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $string, MCRYPT_MODE_CBC, $iv);
// Decrypt $string; mcrypt pads the last block with NUL bytes, so trim them off.
$decrypted_string = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $encrypted_string, MCRYPT_MODE_CBC, $iv), "\0");
echo "Original string : " . $string . "<br />\n";
// The ciphertext is binary, so base64-encode it for display.
echo "Encrypted string : " . base64_encode($encrypted_string) . "<br />\n";
echo "Decrypted string : " . $decrypted_string . "<br />\n";
?>
What you can do is create a class for encryption and decryption:
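class Security {
    private $secret_key;
    private $iv_size;

    public function __construct()
    {
        // mcrypt accepts only 16-, 24- or 32-byte keys, so hash the passphrase down to 32 bytes.
        $this->secret_key = hash('sha256', "your key", true);
        $this->iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    }

    public function encrypt($string)
    {
        // Fresh IV per value, stored in front of the ciphertext so a later request can decrypt it.
        $iv = mcrypt_create_iv($this->iv_size, MCRYPT_DEV_URANDOM);
        $encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->secret_key, $string, MCRYPT_MODE_CBC, $iv);
        return base64_encode($iv . $encrypted_string);
    }

    public function decrypt($encryptedString)
    {
        $raw = base64_decode($encryptedString);
        $iv = substr($raw, 0, $this->iv_size);
        $decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->secret_key, substr($raw, $this->iv_size), MCRYPT_MODE_CBC, $iv);
        // mcrypt pads the last block with NUL bytes, so trim them off.
        return rtrim($decrypted_string, "\0");
    }
}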
For AES encryption, you can refer to the tutorial.
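The mcrypt extension used above was removed from PHP in 7.2. The following is an added example, not code from either answer, showing the same encrypt-on-insert and decrypt-on-retrieve pattern with the openssl extension and AES-256-GCM, which also detects modified ciphertext. The `FieldCipher` class, its method names and the sample value are hypothetical, and the key is assumed to be 32 random bytes loaded from configuration outside the web root.

```php
<?php
// Added example, not from the answers. FieldCipher and its method names are hypothetical.
final class FieldCipher
{
    private const CIPHER = 'aes-256-gcm';
    private const NONCE_LEN = 12;
    private const TAG_LEN = 16;
    private $key;
    public function __construct(string $key)
    {
        if (strlen($key) !== 32) {
            throw new InvalidArgumentException('Key must be exactly 32 random bytes');
        }
        $this->key = $key;
    }

    // $column is bound as associated data, so a value copied into another column fails to decrypt.
    public function encrypt(string $plaintext, string $column): string
    {
        $nonce = random_bytes(self::NONCE_LEN);   // fresh nonce for every value
        $tag = '';
        $ct = openssl_encrypt($plaintext, self::CIPHER, $this->key, OPENSSL_RAW_DATA, $nonce, $tag, $column, self::TAG_LEN);
        if ($ct === false) {
            throw new RuntimeException('Encryption failed');
        }
        return base64_encode($nonce . $tag . $ct); // one text-safe string per column value
    }

    public function decrypt(string $stored, string $column): string
    {
        $raw = base64_decode($stored, true);
        if ($raw === false || strlen($raw) < self::NONCE_LEN + self::TAG_LEN) {
            throw new RuntimeException('Malformed ciphertext');
        }
        $nonce = substr($raw, 0, self::NONCE_LEN);
        $tag = substr($raw, self::NONCE_LEN, self::TAG_LEN);
        $ct = substr($raw, self::NONCE_LEN + self::TAG_LEN);
        $pt = openssl_decrypt($ct, self::CIPHER, $this->key, OPENSSL_RAW_DATA, $nonce, $tag, $column);
        if ($pt === false) {
            throw new RuntimeException('Ciphertext was modified, or the key or column is wrong');
        }
        return $pt;
    }
}
// Constructed demo: a throwaway key and a made-up phone value.
$cipher = new FieldCipher(random_bytes(32));
$stored = $cipher->encrypt('555-0100', 'phone'); // bind $stored to :phone in the prepared INSERT
echo $cipher->decrypt($stored, 'phone'), "\n";   // call this on the page that displays the row
```

Encrypted columns cannot be searched or sorted in SQL, and the stored string is longer than the plaintext, so the column types need room for it.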
Answer 1 (score: 0)
You can use Cipher.
You need the following code to encrypt the form data:
require 'Cipher.php';
// First init the class by calling the constructor
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');
// Loop through POST, an array containing your input values
foreach ($_POST as $key => $value) {
$_POST[$key] = $cipher->encrypt($value);
}
After that, $_POST will contain the encrypted form values.
Or simply encrypt a single value:
require 'Cipher.php';
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');
$inputValue = "This is your input value";
$output = $cipher->encrypt($inputValue);
Decrypt the output:
require 'Cipher.php';
$cipher = new Cipher('AvErrySeCretPasSw0rd!1!2!3!');
$decrypted = $cipher->decrypt($output);