Home/ Questions/Q 5840361
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T11:43:59+00:00

I’m storing a sensitive, 16 character user string in a MySQL table via the

  • 0

I’m storing a sensitive, 16 character user string in a MySQL table via the PDO functions within PHP5. I have a pair of native encryption/decryption functions as follows:

function encrypt($in)
{

    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $enc = mcrypt_encrypt(MCRYPT_RIJNDAEL_256,ENCRYPT_KEY, $in, MCRYPT_MODE_ECB, $iv);

    return $enc;
}

function decrypt($in)
{

    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,ENCRYPT_KEY, $in, MCRYPT_MODE_ECB, $iv);

    return $dec;
}

Where ENCRYPT_KEY is a previously defined global constant.

I firstly encrypt() the string, then INSERT the record into the nominated table. Every so often, I need to cycle through this information via a SELECT statement, then decrypt() the results for processing.

Now, this happens perfectly for every case except one.

On the select/decryption cycle, one (and only) record from about 50 decrypts as gobbledy-goop. I cannot see anything wrong with the encrypt() and decrypt() functions, and have repeatedly INSERTed the record in question with the same results. A call like below:

echo decrypt(encrypt($string));

Works fine. Therefore, the only thing that I have come up with is that MySQL is failing to correctly store the encrypted version of this particular string, but I’m at a loss as to why. The storage function is as follows:

function update_sensitive_details($sensitive)
{
    $this->store_sensitive = encrypt($sensitive);

    try
    {
        $sql = "UPDATE table SET store_sensitive = ? WHERE (id = ?);";
        $sth = $this->registry->db->prepare($sql);
        $sth->execute(array($this->store_sensitive,$this->id));
    }
    catch (PDOException $p)
    {
        log_error($p);
        return false;
    }

    return true;
}

This does not result in any errors, and I can confirm that this does in fact update the table with data (although as it is encrypted it is unintelligable when viewed in phpMyAdmin.

Does anyone have any ideas about what might be going on here? I’m stumped. The only thing I can think of is that the particular encrypted string isn’t being properly stored by MySQL, as even changing one of the sixteen characters fixes the problem. I would have thought this would have been prevented by PDO, but perhaps not.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try wrapping your encrypted data with base64_encode() and then base64_decode() before decrypting it. I’ve had data corrupt in MySQL in some instances and this has always fixed it.

    function encrypt($in)
{

    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $enc = mcrypt_encrypt(MCRYPT_RIJNDAEL_256,ENCRYPT_KEY, $in, MCRYPT_MODE_ECB, $iv);
    $enc = base64_encode($enc);
    return $enc;
}

function decrypt($in)
{
    $in = base64_decode($in);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,ENCRYPT_KEY, $in, MCRYPT_MODE_ECB, $iv);

    return $dec;
}
    • 0