12-08-2007, 04:49 PM
The Wanderer
What about if we use encryption
What about if we use encryption prior to running a SQL insert or select statement?
$username=encryptMe(mysql_real_escape_string($_POST['username']));
$password=encryptMe(mysql_real_escape_string($_POST['password']));
$sql="Insert into users (username, password) values ('$username','$password')";
Then shouldn't it turn the bad SQL "or 1=1" into something unrecognizable by our database? Then we just decrypt something when we need to display it back?
$usernametodisplay=decryptMe($row['username']);
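
An added example, not part of the original post: the approach asked about above, run against an in-memory SQLite database through PDO, next to a bound parameter. `encryptMe()`/`decryptMe()` are hypothetical stand-ins implemented here as hex-encoded AES-256-CBC with a constructed demo key, since the post does not define them; `encryptRaw()` and the single-column table are also assumptions.

```php
<?php
// Added example, not code from the thread. encryptMe()/decryptMe() are
// hypothetical stand-ins (AES-256-CBC, hex-encoded); the post does not define them.
const DEMO_KEY = '0123456789abcdef0123456789abcdef'; // constructed 32-byte key

function encryptRaw(string $plain): string {
    $iv = random_bytes(16);
    return $iv . openssl_encrypt($plain, 'aes-256-cbc', DEMO_KEY, OPENSSL_RAW_DATA, $iv);
}
function encryptMe(string $plain): string {
    return bin2hex(encryptRaw($plain));      // output alphabet is [0-9a-f] only
}
function decryptMe(string $hex): string {
    $raw = hex2bin($hex);
    return openssl_decrypt(substr($raw, 16), 'aes-256-cbc', DEMO_KEY,
                           OPENSSL_RAW_DATA, substr($raw, 0, 16));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT)');

$input = "x' OR 1=1 --";   // constructed input, the "or 1=1" case from the post

// 1. The post's approach: transform, then interpolate into the SQL string.
//    Inert here only because hex output cannot contain a quote.
$enc = encryptMe($input);
$db->exec("INSERT INTO users (username) VALUES ('$enc')");

// 2. Raw cipher output is arbitrary bytes; count how often 0x27 (') shows up.
$withQuote = 0;
for ($i = 0; $i < 1000; $i++) {
    if (strpos(encryptRaw($input), "'") !== false) { $withQuote++; }
}

// 3. Bound parameter: the value is sent as data, no transform needed for safety.
$stmt = $db->prepare('INSERT INTO users (username) VALUES (?)');
$stmt->execute([$input]);

$rows = $db->query('SELECT username FROM users ORDER BY rowid')
           ->fetchAll(PDO::FETCH_COLUMN);
printf("rows stored: %d\n", count($rows));
printf("row 1 decrypts to input: %s\n", decryptMe($rows[0]) === $input ? 'yes' : 'no');
printf("row 2 equals input:      %s\n", $rows[1] === $input ? 'yes' : 'no');
printf("raw ciphertexts containing a quote: %d of 1000\n", $withQuote);
```

Because this stand-in uses a random IV, the same username encrypts differently each time, so a `WHERE username = '...'` lookup on the encrypted column would not match a stored row.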