Re: [PHP] occasional mcrypt problems
As you have magic_quotes on, automatically happens *addslashes*, now you need to reverse the proces Steve Yates wrote: Marek Kilimajer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... try $_POST['Credit_Card_Number']=stripslashes($_POST['Credit_Card_Number']); But if magic_quotes_gpc=on shouldn't that happen automatically? - Steve Yates - Brainstorm? No, but I had a braindrizzle once. ~ Taglines by Taglinator - www.srtware.com ~ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] occasional mcrypt problems
Marek Kilimajer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... As you have magic_quotes on, automatically happens *addslashes*, now you need to reverse the proces I think I see where you're going, but I'm not sure that's the correct avenue here. If slashes from magic_quotes were in the string before encryption, wouldn't they be in the string after decryption? Why would that result in data corruption? Marek Kilimajer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... $_POST['Credit_Card_Number']=stripslashes($_POST['Credit_Card_Number']); - Steve Yates - WORK HARDER!... Millions on welfare depend on YOU!!! ~ Taglines by Taglinator - www.srtware.com ~ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] occasional mcrypt problems
try
$_POST['Credit_Card_Number']=stripslashes($_POST['Credit_Card_Number']);
Steve Yates wrote:
Hello,
I recently implemented a database using MySQL that is storing selected
fields encrypted. However on a very small number of records the decrypted
result is not correct for some fields, for example for this credit card
number:
-99-ÏF¡hßxø
It appears in fact the same way as the problem I first experienced, when the
database field was not big enough to store the encrypted text (which I
discovered takes a multiple of the blocksize, so it is usually bigger than
the original string). However the blocksize is 8 and to provide a safety
margin all the fields to be encrypted have 10 extra characters in them
(varchar fields).
So far this happens on at most one field in a record, perhaps on less than
5% of the records. At first I was thinking maybe the addslashes() was
adding text but MySQL should be stripping that out before entering it into
the database, right? Also I can't seem to duplicate this by entering the
same values in the form again.
Any suggestions? Here is my encryption code:
$hrkey = '$R^a$nd()M%'; // changed text
$td = mcrypt_module_open(MCRYPT_TRIPLEDES,'', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), 99);
//changed the number
$ks = mcrypt_enc_get_key_size ($td);
$key = substr(md5($hrkey), 0, $ks);
mcrypt_generic_init($td, $key, $iv);
$CreditCardNumber = addslashes(mcrypt_generic($td,
$_POST['Credit_Card_Number']));
(...post to database here...)
mcrypt_module_close($td);
Decryption code:
function mydecrypt($enc) {
global $td;
return rtrim(mdecrypt_generic($td, $enc), \0);
}
Thanks for any insight!
- Steve Yates
- ASCII stupid question, get a stupid ANSI.
~ Taglines by Taglinator - www.srtware.com ~
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] occasional mcrypt problems
Marek Kilimajer [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... try $_POST['Credit_Card_Number']=stripslashes($_POST['Credit_Card_Number']); But if magic_quotes_gpc=on shouldn't that happen automatically? - Steve Yates - Brainstorm? No, but I had a braindrizzle once. ~ Taglines by Taglinator - www.srtware.com ~ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
