php-general Digest 2 Mar 2011 06:56:53 -0000 Issue 7206
Topics (messages 311608 through 311612):
Re: Help! Made a boo-boo encrypting credit cards
311608 by: Brian Dunning
311609 by: Bastien Koert
311610 by: Ken Kixmoeller
Re: Sorting an array
311611 by: Alex
Help needed with mysql import
311612 by: Ashim Kapoor
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
I just wanted to ping this, as it's becoming a serious problem. I hope someone
can help.
On Feb 11, 2011, at 2:42 PM, Brian Dunning wrote:
> Hey all -
>
> I'm using mcrypt to store credit cards into MySQL. About 90% of them decrypt
> fine, but about 10% decrypt as nonsense ("b1�\�JEÚU�A���" is a good example).
> Maybe there is a character that appears in about 10% of my encryptions that's
> not being encoded properly???
>
> // Encryption is set up at the top of the script:
> $crypto = mcrypt_module_open('rijndael-256', '', 'ofb', '');
> $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($crypto), MCRYPT_DEV_RANDOM);
> $ks = mcrypt_enc_get_key_size($crypto);
> $key = substr(md5('my_funky_term'), 0, $ks);
>
> // When the card number is collected by the form, it's encrypted:
> $cc_number = addslashes($_POST['cc_number']);
> mcrypt_generic_init($crypto, $key, $iv);
> $cc_encrypt = mcrypt_generic($crypto, $cc_number);
> mcrypt_generic_deinit($crypto);
>
> // This is written to the database:
> $query = "update accounts set cc_encrypt='$cc_encrypt', encrypt_iv='$iv',
> other_fields='$other_stuff' where id='$account_id' limit 1";
> $result = mysql_query($query) or die(mysql_error());
>
> Both the cc_encrypt and encrypt_iv fields are tinytext, latin1_swedish_ci,
> MyISAM, MySQL 5.0.91
>
> In another script, when I retrieve, I first set it up at the top of the
> script exactly like step #1 above, then retrieve it like this:
>
> mcrypt_generic_init($crypto, $key, $row['encrypt_iv']);
> $cc_number = trim(mdecrypt_generic($crypto, $row['cc_encrypt']));
> mcrypt_generic_deinit($crypto);
>
> Most of them are good, a few of them are bad. Can anyone see anything I'm
> doing wrong or a case I'm not covering? Thanks much.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
On Tue, Mar 1, 2011 at 12:34 PM, Brian Dunning <[email protected]> wrote:
> I just wanted to ping this, as it's becoming a serious problem. I hope
> someone can help.
>
>
> On Feb 11, 2011, at 2:42 PM, Brian Dunning wrote:
>
>> Hey all -
>>
>> I'm using mcrypt to store credit cards into MySQL. About 90% of them decrypt
>> fine, but about 10% decrypt as nonsense ("b1�\�JEÚU�A���" is a good
>> example). Maybe there is a character that appears in about 10% of my
>> encryptions that's not being encoded properly???
>>
>> // Encryption is set up at the top of the script:
>> $crypto = mcrypt_module_open('rijndael-256', '', 'ofb', '');
>> $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($crypto), MCRYPT_DEV_RANDOM);
>> $ks = mcrypt_enc_get_key_size($crypto);
>> $key = substr(md5('my_funky_term'), 0, $ks);
>>
>> // When the card number is collected by the form, it's encrypted:
>> $cc_number = addslashes($_POST['cc_number']);
>> mcrypt_generic_init($crypto, $key, $iv);
>> $cc_encrypt = mcrypt_generic($crypto, $cc_number);
>> mcrypt_generic_deinit($crypto);
>>
>> // This is written to the database:
>> $query = "update accounts set cc_encrypt='$cc_encrypt', encrypt_iv='$iv',
>> other_fields='$other_stuff' where id='$account_id' limit 1";
>> $result = mysql_query($query) or die(mysql_error());
>>
>> Both the cc_encrypt and encrypt_iv fields are tinytext, latin1_swedish_ci,
>> MyISAM, MySQL 5.0.91
>>
>> In another script, when I retrieve, I first set it up at the top of the
>> script exactly like step #1 above, then retrieve it like this:
>>
>> mcrypt_generic_init($crypto, $key, $row['encrypt_iv']);
>> $cc_number = trim(mdecrypt_generic($crypto, $row['cc_encrypt']));
>> mcrypt_generic_deinit($crypto);
>>
>> Most of them are good, a few of them are bad. Can anyone see anything I'm
>> doing wrong or a case I'm not covering? Thanks much.
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Could it be that the addslashes is creating a \0 (null) value? That
might screw up the decryption routine.
--
Bastien
Cat, the other other white meat
--- End Message ---
--- Begin Message ---
On Fri, Feb 11, 2011 at 4:42 PM, Brian Dunning <[email protected]> wrote:
> Hey all -
>
> I'm using mcrypt to store credit cards into MySQL. About 90% of them decrypt
> fine, but about 10% decrypt as nonsense ("b1�\�JEÚU�A���" is a good example).
> Maybe there is a character that appears in about 10% of my encryptions that's
> not being encoded properly???
>
> // Encryption is set up at the top of the script:
> $crypto = mcrypt_module_open('rijndael-256', '', 'ofb', '');
> $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($crypto), MCRYPT_DEV_RANDOM);
> $ks = mcrypt_enc_get_key_size($crypto);
> $key = substr(md5('my_funky_term'), 0, $ks);
>
> // When the card number is collected by the form, it's encrypted:
> $cc_number = addslashes($_POST['cc_number']);
> mcrypt_generic_init($crypto, $key, $iv);
> $cc_encrypt = mcrypt_generic($crypto, $cc_number);
> mcrypt_generic_deinit($crypto);
>
> // This is written to the database:
> $query = "update accounts set cc_encrypt='$cc_encrypt', encrypt_iv='$iv',
> other_fields='$other_stuff' where id='$account_id' limit 1";
> $result = mysql_query($query) or die(mysql_error());
>
> Both the cc_encrypt and encrypt_iv fields are tinytext, latin1_swedish_ci,
> MyISAM, MySQL 5.0.91
>
> In another script, when I retrieve, I first set it up at the top of the
> script exactly like step #1 above, then retrieve it like this:
>
> mcrypt_generic_init($crypto, $key, $row['encrypt_iv']);
> $cc_number = trim(mdecrypt_generic($crypto, $row['cc_encrypt']));
> mcrypt_generic_deinit($crypto);
>
> Most of them are good, a few of them are bad. Can anyone see anything I'm
> doing wrong or a case I'm not covering? Thanks much.
Just a WAG, but when I first was working with mcrypt, it would append
spaces to the encrypted value. I would have to TRIM() everything for
processing or decryption. BTW, we also elected *not* to store card
numbers, only the last 4 digits.
--- End Message ---
--- Begin Message ---
That or do it in mysql before you get the data back, its also pretty good at
sorting, you know ;)
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
FeIn <[email protected]> wrote:
Also check http://www.php.net/manual/en/function.natsort.php On Tue, Mar 1,
2011 at 1:39 PM, David Robley <[email protected]> wrote: > Ron Piggott wrote:
> > > > > I need help to know how to sort the words / phrases in my array. > >
> > Variable name: $words_used > > print_r( $words_used ); Current output:
Array ( [187] => Sin [249] => > > Punished [98] => Sanctuary [596] => Sing
[362] => Anointing Oil ) Desired > > result: Alphabetical sort: Array ( [362]
=> Anointing Oil [249] => > > Punished [98] => Sanctuary [187] => Sin [596] =>
Sing ) > > > > The #?s are the auto_increment value of the word in the mySQL
database. > > The number is not representative of alphabetical order, but the
order it > > was added to the database. > > > > Thank you for your assistance.
> > > > Ron > > Like the man said - asort. May I recommend you to
http://php.net where you > will find the answer to most of your queries, simply
by looking under a > generic area, such as array (http://php.net/array) for
this particular > problem. Surely you have been around here long enough to be
able to find > things in the documentation, or at least try there first, by
now? > > > > > Cheers > -- > David Robley > > Do fish get thirsty? > Today is
Setting Orange, the 60th day of Chaos in the YOLD 3177. > > > -- > PHP General
Mailing List (http://www.php.net/) > To unsubscribe, visit:
http://www.php.net/unsub.php > >
--- End Message ---
--- Begin Message ---
Dear all,
I am trying to make a website with php and I found the following code in a
book and I am trying to import it. The following are the beginning of the
file i am trying to import with the command
mysql -u root -pmypassword certainty < dump
I get the following error : ERROR 1067 (42000) at line 9: Invalid default
value for 'id'
but when I see line 9 i see the value '0' for id which seems ok to me, I
also tried removing the quotes but same error.
Can someone guide me ?
Thank you,
Ashim
# MySQL dump 7.1
#
# Host: [host deleted] Database: certainty
#--------------------------------------------------------
# Server version 3.22.32
#
# Table structure for table 'high_scores'
#
CREATE TABLE high_scores (
id int(11) DEFAULT '0' NOT NULL auto_increment,
name varchar(30),
answer_count int(11),
credit double(16,4),
PRIMARY KEY (id)
);
--- End Message ---
