I’ve always wondered how one would securely store sensitive information in a MySQL database. A recent project has given me the opportunity to work on it, and I’ve been impressed on how easy it is to implement. MySQL provides an easy interface for encrypting data before storing it in the database. Simply use the AES_ENCRYPT and AES_DECRYPT functions when reading or writing to a table.
Simply make your column a blob field, then use something like this to write to the table
(using a PEAR::DB syntax)
$db->query(" UPDATE sometable SET some_col = AES_ENCRYPT( ?, ?) WHERE something_else = ? " array( $sensitive_value, $encryption_key, $index));
and something like this to read it back out
$value = $db->getOne(" SELECT AES_DECRYPT( some_col, ?) FROM sometable WHERE something_else = ? ", array( $encryption_key, $index));
What could be easier?