Search code examples
phphtmlencryptionpdo

Shows wrong data Decrypy PDO/PHP

I have a question about my code. The problem is that when I say echo $columnB then the code shows the student_city that is in my database, but I want to show the decrypted password. It just shows the wrong data.

(there is an another page where I encrypt the password but I need the decrypted password echo'ed

<html>
<head>
    <title>insert data in database using PDO(php data object)</title>
    <link rel="stylesheet" type="text/css" href="style-login.css">
</head>
<body>

    <div id="main">
        <h1>Login using PDO</h1>
    <div id="login">
        <h2>Login</h2>
        <hr/>
        <form action="" method="post">
            <label>Email :</label>
            <input type="email" name="stu_email" id="email" required="required" placeholder="john123@gmail.com"/><br/><br />
            <label>Password :</label>
            <input type="password" name="stu_ww" id="ww" required="required" placeholder="Please Enter Your Password"/><br/><br />
            <input type="submit" value=" Submit " name="submit"/><br />
        </form>
    </div>
    
    </div>
    
    <?php
    //require ("encrypt.php"); 
        if(isset($_POST["submit"])){
            $hostname='localhost';
            $username='root';
            $password='';
            $pdo = "college";
            $student_email = $_POST["stu_email"];
            $encrypt_key = "4ldetn43t4aed0ho10smhd1l";
                       
            try {
                $dbh = new PDO("mysql:host=$hostname;dbname=college","root","$password");                   
                $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                    
                    // Query
                    $statement = $dbh->prepare("SELECT student_email, student_city, AES_DECRYPT(student_password, '$encrypt_key')
                        AS student_password FROM students WHERE student_email = :student_email ORDER BY student_email ASC");
                    
                    // Assign and execute query
                    $statement->bindParam(':student_email', $student_email, PDO::PARAM_STR);
                        $statement->setFetchMode(PDO::FETCH_ASSOC);
                             $statement->execute();

                    // Get data
                        while($row = $statement->fetch()) {
                            echo "1 ,";                                
                            //$columnA_value = $row['student_city'];
                            $columnB_value = $row['student_password'];
                        }
                        echo "2 ,";
                        echo $columnB_value;
            }

                catch(PDOException $e)
                {
                    echo $e->getMessage();
                }
            
        }
    ?>
</body>
</html>
Solution 
  • SELECT student_email, student_city, CAST(AES_DECRYPT(student_password, '$encrypt_key') AS char(50)) AS student_password FROM students WHERE student_email = :student_email ORDER BY student_email ASC;

    Try to explicitly cast it to string. You can change the '50' according to your requirement.

    Also your echo is outside while loop, hence it will print only last record if there are more than 1 records.