Yeah, but then if someone hacks the database wouldn't the data be secure as long as we could protect our key(s). Wouldn't someone if they were able to get in to out database just get gobbledygook that would be unusable without the key and the encryption being used?

I was planning to escape the input and then encrypt it. Whatever I present back to the user will be just that, presentation. As long as it is not vulgar, I could care less. Whenever I send anything back to the database I plan to encrypt it again. I keep the encryption functions all in one .inc.php file and it should basically just have two functions one to encrypt and one to decrypt, passing the string needed to be encrypted or decrpyted.

I understand the additional cpu cycles, but it would make me feel a lot happier if no one if they got a hold of the database could read anything, at least important that is.