2

As the title of the post says, I am testing a bit of code where I enter data on my form, then encrypt all the fields using MD5 (or whatever you think is best) and send it to my MS SQL Database.

$query = "INSERT INTO table_hide(firstname,last) 
VALUES('".md5('Gary')."','".md5('Long')."')";

Of course the database data is encrypted and I would like to read it.

I am also aware of using EncryptByPassPhrase and DecryptByPassPhrase in MS SQL to encrypt and decrypt a password. However, I would like assistance in using the same "key" in the website to encrypt and on the SQL server to decrypt.

So my question is, how would I encrypt the data I'm sending to my database and then have that same key in my database to decrypt it?

7
  • Unless you're a bank, 99% of people should not store data encrypted in the db. Commented Aug 20, 2015 at 4:03
  • 2
    md5 is not an encryption algorithm. It is a hashing algorithm, which means it only works one way; you can't get the source data from the resultant hash. Commented Aug 20, 2015 at 4:09
  • @Orangepill Noted, can you suggest an encryption algorithm? Commented Aug 20, 2015 at 4:27
  • @Dagon I am just making an effort for my insert statement not to be transferred in plain text. Commented Aug 20, 2015 at 4:28
  • 2
    @Niana A better option would be to connect to your database via SSL if you want to prevent MITM viewing of your insert statements. See stackoverflow.com/questions/9738712/… Commented Aug 20, 2015 at 4:31

1 Answer

0

I am testing a bit of code where I enter data on my form, then encrypt all the fields using md5 (or whatever you think is best) and send it to my MS SQL Database.

MD5 doesn't provide encryption, it's a one-way cryptographic hash function. The difference between hashing and encrypting is very important.

$query = "INSERT INTO table_hide(firstname,last) 
VALUES('".md5('Gary')."','".md5('Long')."')";

You might want to read this answer on preventing SQL injection. String concatenation is less reliable than prepared statements, so you might want to review your other code.

So my question is, how would I encrypt my data I'm sending to my database and then have that same key in my database to decrypt it.

You could, for example, have a stored procedure that decrypts it with a constant key. However, what exactly are you hoping to accomplish by encrypting records in the first place?
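An added example, not part of the original answer or the asker's code: the INSERT from the question rewritten with keyed, reversible encryption and a parameterized statement, with the contrast to `md5()` shown at the end. It assumes the `sodium` and `pdo_sqlite` PHP extensions; the in-memory SQLite table stands in for the MS SQL table, libsodium's secretbox is a cipher chosen for this sketch (the page names none), and `encrypt_field`/`decrypt_field` and the per-run key are hypothetical.

```php
<?php
// Assumptions (not from the page): ext-sodium and pdo_sqlite are loaded; SQLite
// in memory stands in for MS SQL; a real key would be loaded from a secrets
// store instead of being generated on every run.
$key = sodium_crypto_secretbox_keygen();            // constructed 32-byte key

function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);   // fresh nonce per value
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Wrong key or tampered ciphertext');
    }
    return $plain;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table_hide (firstname TEXT, "last" TEXT)');

// Placeholders keep the values out of the SQL text, unlike string concatenation.
$stmt = $pdo->prepare('INSERT INTO table_hide (firstname, "last") VALUES (:first, :last)');
$stmt->execute([':first' => encrypt_field('Gary', $key), ':last' => encrypt_field('Long', $key)]);

$row = $pdo->query('SELECT firstname, "last" FROM table_hide')->fetch(PDO::FETCH_ASSOC);
echo decrypt_field($row['firstname'], $key), ' ', decrypt_field($row['last'], $key), PHP_EOL;

// md5() takes no key and is deterministic, so there is nothing to decrypt with;
// the encrypted form differs on every call because of the random nonce.
var_dump(md5('Gary') === md5('Gary'));
var_dump(encrypt_field('Gary', $key) === encrypt_field('Gary', $key));
```

Here both encryption and decryption happen in the application, so the database only ever holds ciphertext; decrypting inside SQL Server instead would require the server to hold the same key.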
