我正在通过以下php代码从一个页面传递信息..
Index.php页面:
<?php
include("secure/content/database/db.php");
$sql = mysql_query("SELECT * FROM press");
while($re = mysql_fetch_array($sql))
{
$id= (int) $re['id'];
$key = "bladeyeshibbir?1%59";
$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM)
$encrypted_data=mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $id, MCRYPT_MODE_ECB, $iv);
$id = urlencode(base64_encode($encrypted_data));
$page = mysql_real_escape_string(trim($re['pagename']));
$content = mysql_real_escape_string(trim($re['content']));
echo "<li><a href='press.php?id=$id&request=$md'>$page</a></li>";
}
?>
Press.php页面
<?php
include("secure/content/database/db.php");
include("header.php");
$id = $_REQUEST["id"];
$key = "bladeyeshibbir?1%59#";
$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM)
$decrypted_data=mcrypt_decrypt(MCRYPT_3DES, $key, $id, MCRYPT_MODE_CBC, $iv);
$url_id = base64_decode(urldecode($decrypted_data));
$request = $_REQUEST['request'];
$sql = mysql_query("SELECT * FROM press WHERE id='$url_id' ");
$re = mysql_fetch_array($sql);
$pagename = mysql_real_escape_string(trim($re['pagename']));
$content = mysql_real_escape_string(trim($re['content']));
echo "<title>$pagename</title>";
echo $content;
include("fotter.php");
?>
但是我收到了这个错误:
警告:mcrypt_decrypt()[function.mcrypt-decrypt]:尝试使用 空IV,不建议在C:\ xampp \ htdocs \ audock \ press.php中使用 在第10行。
实际上,我想要的是用户无法看到查询字符串变量的实际值。
答案 0 :(得分:0)
结帐this post。您不应将mcrypt_ecb与mcrypt_decrypt一起使用,而应使用mcrypt_encrypt。然后,当使用mcrypt_encrypt进行加密时,您需要创建一个带有mcrypt_create_iv(docs here)的初始化向量,您之后应该使用该初始化向量进行解密。
答案 1 :(得分:0)
使用零字节iv的示例
$encrypted_data=mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $id, MCRYPT_MODE_ECB, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");