Data encryption in php mysql

Encryption, Decryption and MySQL in PHP is very important these days with hacker after hacker out there always ready to find new crafty ways to steal your customer’s information. Do not be a victim here because you do not have to be! Be proactive in your efforts to make your customers’ websites be a fortress of security.

PHP Encryption Decryption Key

In order to start this process we will need to create a simple key, I like to keep mine about 45 characters long but you can do what you like. Here is the script you will need to follow along in this tutorial.

//THE KEY FOR ENCRYPTION AND DECRYPTION
$key = 'qkwjdiw239&&jdafweihbrhnan&^%$ggdnawhd4njshjwuuO';

PHP Encryption Code

Before inserting content into a database, encrypt it. You cannot rely upon the MySQL structure of binary or varbinary to encrypt data because all someone has to do in phpMyAdmin is import it then convert to text, varchar or something else that makes it human readable. The best things in life are free, right? Well, here is a free script that is going to protect you and your clients from hackers stealing private information.

Encryption Function in PHP

This PHP function is all you need to do the work of encryption before storing it in your database. This will take your data along with the key and encrypt the information.

//ENCRYPT FUNCTION
function encryptthis($data, $key) {
$encryption_key = base64_decode($key);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
return base64_encode($encrypted . '::' . $iv);
}

//DECRYPT FUNCTION
function decryptthis($data, $key) {
$encryption_key = base64_decode($key);
list($encrypted_data, $iv) = array_pad(explode('::', base64_decode($data), 2),2,null);
return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
}

PHP Encryption Decryption Code Example

Here is an example of how these codes work with your POST variables. If you need more instructions on how to create forms, please see my tutorials FORM PROCESSING $_POST METHOD. As long as you have your server running you can copy and paste this PHP code example and it will work to show you how encryption and decryption is performed.

<?php
date_default_timezone_set('America/New_York');
?>
<html>
<head>
<title>PHP ENCRYPTION DECRYPTION MYSQL | The Best PHP Encryption Tutorial</title>
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" type="text/css" >
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css">
</head>
<body>
<div class="jumbotron"><h2>The Best PHP Encryption Tutorial</h2></div>
<div class="container">
<div class="row">
<div class="col-sm-3"></div>
<div class="col-sm-6">
<?php
//THE KEY FOR ENCRYPTION AND DECRYPTION
$key = 'qkwjdiw239&&jdafweihbrhnan&^%$ggdnawhd4njshjwuuO';
//ENCRYPT FUNCTION
function encryptthis($data, $key) {
$encryption_key = base64_decode($key);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
return base64_encode($encrypted . '::' . $iv);
}
//DECRYPT FUNCTION
function decryptthis($data, $key) {
$encryption_key = base64_decode($key);
list($encrypted_data, $iv) = array_pad(explode('::', base64_decode($data), 2),2,null);
return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
}

if(isset($_POST['submit'])){

//GET POST VARIABLES
$firstName=$_POST['firstName'];
$email=$_POST['email'];

//THE ENCRYPTION PROCESS
$nameencrypted=encryptthis($firstName, $key);
$emailencrypted=encryptthis($email, $key);

//THE DECRYPTION PROCESS
$namedecrypted=decryptthis($nameencrypted, $key);
$emaildecrypted=decryptthis($emailencrypted, $key);

//DISPLAY RESULTS
echo '<h2>Original Data</h2>';
echo '<p>Name: '.$firstName.'</p>';
echo '<p>Email: '.$email.'</p>';
echo '<h2>Encrypted Data</h2>';
echo '<p>Name Encrypted: </p><p style="background-color:yellow">'.$nameencrypted.'</p>';
echo '<p>Email Encrypted: </p><p style="background-color:yellow; word-break: break-all;">'.$emailencrypted.'</p>';
echo '<h2>Decrypted Data</h2>';
echo '<p>Name Decrypted: '.$namedecrypted.'</p>';
echo '<p>Email Decrypted: '.$emaildecrypted.'</p>';
echo '<h2>Insert Results Into Database</h2>';
echo '<p>We will insert the encrypoted information into the database with this code.</p>'; ?>
<pre> mysqli_query($con,"INSERT INTO people(`name`, `email`)
VALUES ('$nameencrypted','$emailencrypted')");

Retrieve Results From Database

We will retrieve the results from the database with this code.

$con = new mysqli("$host", "$username", "$password", "$dbname");
$result = $con->query("SELECT * FROM people") ;
while ($row = $result->fetch_assoc()) {
echo decryptthis($row['name'], $key);
echo decryptthis($row['email'], $key);
}
//SEPERATOR
echo '<div class="well"><h2>Our Form</h2>';
//FORM FOR OUR EXAMPLE
echo '<form method="post">
<div class="form-group">
<label for="firstName">Enter Name Here</label>
<input type="text" class="form-conrtol" name="firstName">
</div>
<div class="form-group">
<label for="email">Enter Email Here</label>
<input type="email" class="form-conrtol" name="email">
</div>
<input type="submit" name="submit" class="btn btn-success btn-lg" value="submit">
</form>';
?>
</div>
</div>
<div class="col-sm-3"></div>
</div>
</div>
</body>
</html>

Prepare A Database

Create a database in phpMyAdmin and call it “users”. Then you will want to navigate to the SQL tab at the top and insert the following code that will give you a table called “people” with 4 tables in it.

CREATE TABLE `people` (
`id` int(11) NOT NULL,
`name` text NOT NULL,
`email` text NOT NULL,
`reg_date` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp()
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;