mysql - Php pdo insert query

Question

I need to insert encrypted values in mysql table, but when I use traditional pdo method to insert its inserting the data in wrong format. ex: I insert aes_encrypt(value, key) in place of inserting encrypted value its inserting this as string.

Following is the code :

$update = "insert into `$table` $cols values ".$values;
$dbh = $this->pdo->prepare($update);
$dbh->execute($colVals);

$arr = array("col"=>"aes_encrypt ($val, $DBKey)");

I know i am doing it wrong, but not able to find correct way.

Answer 1

You are almost there, here is a simplified version:

<?php

$sql = "insert into `users` (`username`,`password`) values (?, aes_encrypt(?, ?))";
$stmt = $this->pdo->prepare($sql);

// Do not use associative array
// Just set values in the order of the question marks in $sql
// $fill_array[0] = $_POST['username']  gets assigned to first ? mark
// $fill_array[1] = $_POST['password']  gets assigned to second ? mark
// $fill_array[2] = $DBKey              gets assigned to third ? mark

$fill_array = array($_POST['username'], $_POST['password'], $DBKey); // Three values for 3 question marks

// Put your array of values into the execute
// MySQL will do all the escaping for you
// Your SQL will be compiled by MySQL itself (not PHP) and render something like this:
// insert into `users` (`username`,`password`) values ('a_username', aes_encrypt('my_password', 'SupersecretDBKey45368857'))
// If any single quotes, backslashes, double-dashes, etc are encountered then they get handled automatically
$stmt->execute($fill_array); // Returns boolean TRUE/FALSE

// Errors?
echo $stmt->errorCode().'<br><br>'; // Five zeros are good like this 00000 but HY001 is a common error

// How many inserted?
echo $stmt->rowCount();

?>