This is based on advise given ina previous thread I posted awhile ago for protecting data.
I tried the following:
<?php
function base_encode($text)
{
$size = strlen($text);
$str="";
for($i=0;$i<$size;$i++)
{
$str=$str.slide_left(substr($text,0,1),4);
$text=substr($text,-1);
}
return $str;
}
function base_decode($text)
{
$size = strlen($text);
$str="";
for($i=0;$i<$size;$i++)
{
$str=$str.slide_right(substr($text,0,1),4);
$text=substr($text,-1);
}
return $str;
}
function get_num($i)
{
$j=0;
for($j;(($j<128)&&(chr($j)!=$i));$j++){}
return $j;
}
function slide_left($i,$num)
{
//$str="-1";
$nn = get_num($i);
//if($nn!=-1)
//{
//$nn = ($nn+$num)%count($valid_chars);
$str = chr(($nn+$num)%count(128));
//$str = $valid_chars[$nn];
//}*/
return $str;
}
function slide_right($i,$num)
{
$str="-1";
$nn = get_num($i);
$nn-=$num;
if($nn<0)
{
$nn+=count(128);
}
$str = chr($nn);
return $str;
}
function get_binary($i)
{
$ret_string="";
$num=get_num($i);
if($num==-1)
{
$ret_string="2";
}
else
{
for($i=7;$i>=0;$i--)
{
$base = pow(2,$num);
if((intval($num/$base) == ($num/$base))&&($num!=0))
{
$ret_string=$ret_string."1";
$num-=$base;
}
else
{
$ret_string=$ret_string."0";
}
}
}
return $ret_string;
}
function binary_encode($text)
{
$size = strlen($text);
$str="";
for($i=0;$i<$size;$i++)
{
$str=$str.get_binary(substr($text,0,1));
$text=substr($text,-1);
}
return $str;
}
function get_char($i)
{
$one = 1;
$num=0;
for($i=0;$i<8;$i++)
{
//$ss = substr($i,-1);
if($i & $one)
{
$num=($num<<1)+1;
}
else
{
$num=($num<<1)+0;
}
$i = ($i>>1);
//$i = substr($i,0,-1);
}
return chr($num);
}
function binary_decode($text)
{
$size = strlen($text);
$str="";
for($i=0;$i<$size;$i++)
{
$str=$str.get_char(substr($text,0,1));
$text=substr($text,-1);
}
return $str;
}
?>
and tester:
<?php
require_once('text_encode.php');
$con = mysql_connect('localhost','jddancks','csc255');
mysql_select_db('test',$con);
$str = "Datsun is a funny kitty. \"' OR '' = ''\"";
echo "<p>Test string: ".$str."</p>";
$var = "INSERT INTO text_table(data) values ('%s')";
$bin = "INSERT INTO binary_table(data) values ('%s')";
$q = mysql_query(sprintf($var,base_encode($str)));
$q = mysql_query(sprintf($bin,base_encode($str)));
$q = mysql_query(sprintf($var,binary_encode($str)));
$q = mysql_query(sprintf($bin,binary_encode($str)));
$q = mysql_query(sprintf($var,binary_encode(base_encode($str))));
$q = mysql_query(sprintf($bin,binary_encode(base_encode($str))));
$q = mysql_query("SELECT * From text_table");
$q2 = mysql_query("SELECT * from binary_table");
$i = 0;
while(($r1=mysql_fetch_assoc($q))&&($r2=mysql_fetch_assoc($q2)))
{
echo "<p>".$r1['data']."</p>";
echo "<p>".$r2['data']."</p>";
if($i==1)
{
echo "<p>".base_decode($r1['data'])."</p>";
echo "<p>".base_decode($r2['data'])."</p>";
}
else if($i==2)
{
echo "<p>".$r1['data']."</p>";
echo "<p>".$r2['data']."</p>";
echo "<p>".binary_decode($r1['data'])."</p>";
echo "<p>".binary_decode($r2['data'])."</p>";
}
else
{
echo "<p>".base_decode(binary_decode($r1['data']))."</p>";
echo "<p>".base_decode(binary_decode($r2['data']))."</p>";
}
}
?>
mysql tables for reference:
create table text_table(
tableid smallint not null auto_increment,
data varchar(200) not null,
PRIMARY KEY(tableid)
);
create table binary_table(
tableid smallint not null auto_increment,
data varbinary(200) not null,
PRIMARY KEY(tableid)
);
Tester timed out after 30 seconds. SO what are your thoughts? What did I do wrong?
