0

This is based on advise given ina previous thread I posted awhile ago for protecting data.

I tried the following:

<?php
function base_encode($text)
{
    $size = strlen($text);
    $str="";
    for($i=0;$i<$size;$i++)
    {
        $str=$str.slide_left(substr($text,0,1),4);
        $text=substr($text,-1);
    }
    return $str;
}
function base_decode($text)
{
    $size = strlen($text);
    $str="";
    for($i=0;$i<$size;$i++)
    {
        $str=$str.slide_right(substr($text,0,1),4);
        $text=substr($text,-1);
    }
    return $str;
}
function get_num($i)
{
    $j=0;
    for($j;(($j<128)&&(chr($j)!=$i));$j++){}
    return $j;
}
function slide_left($i,$num)
{
    //$str="-1";
    $nn = get_num($i);
    //if($nn!=-1)
    //{
        //$nn = ($nn+$num)%count($valid_chars);
        $str = chr(($nn+$num)%count(128));
        //$str = $valid_chars[$nn];
    //}*/
    return $str;
}
function slide_right($i,$num)
{
    $str="-1";
    $nn = get_num($i);
        $nn-=$num;
        if($nn<0)
        {
            $nn+=count(128);
        }
        $str = chr($nn);
    return $str;
}
function get_binary($i)
{
    $ret_string="";
    $num=get_num($i);
    if($num==-1)
    {
        $ret_string="2";
    }
    else
    {
        for($i=7;$i>=0;$i--)
        {
            $base = pow(2,$num);
            if((intval($num/$base) == ($num/$base))&&($num!=0))
            {
                $ret_string=$ret_string."1";
                $num-=$base;
            }
            else
            {
                $ret_string=$ret_string."0";
            }
        }
    }
    return $ret_string;
}

function binary_encode($text)
{
    $size = strlen($text);
    $str="";
    for($i=0;$i<$size;$i++)
    {
        $str=$str.get_binary(substr($text,0,1));
        $text=substr($text,-1);
    }
    return $str;
}
function get_char($i)
{
    $one = 1;
    $num=0;
    for($i=0;$i<8;$i++)
    {
        //$ss = substr($i,-1);
        if($i & $one)
        {
            $num=($num<<1)+1;
        }
        else
        {
            $num=($num<<1)+0;
        }
        $i = ($i>>1);
        //$i = substr($i,0,-1);
    }
    return chr($num);
}
function binary_decode($text)
{
    $size = strlen($text);
    $str="";
    for($i=0;$i<$size;$i++)
    {
        $str=$str.get_char(substr($text,0,1));
        $text=substr($text,-1);
    }
    return $str;
}
?>

and tester:

<?php
require_once('text_encode.php');
$con = mysql_connect('localhost','jddancks','csc255');
mysql_select_db('test',$con);
$str = "Datsun is a funny kitty. \"' OR '' = ''\"";
echo "<p>Test string: ".$str."</p>";
$var = "INSERT INTO text_table(data) values ('%s')";
$bin = "INSERT INTO binary_table(data) values ('%s')";

$q = mysql_query(sprintf($var,base_encode($str)));
$q = mysql_query(sprintf($bin,base_encode($str)));

$q = mysql_query(sprintf($var,binary_encode($str)));
$q = mysql_query(sprintf($bin,binary_encode($str)));

$q = mysql_query(sprintf($var,binary_encode(base_encode($str))));
$q = mysql_query(sprintf($bin,binary_encode(base_encode($str))));

$q = mysql_query("SELECT * From text_table");
$q2 = mysql_query("SELECT * from binary_table");
$i = 0;
while(($r1=mysql_fetch_assoc($q))&&($r2=mysql_fetch_assoc($q2)))
{
    echo "<p>".$r1['data']."</p>";
    echo "<p>".$r2['data']."</p>";
    if($i==1)
    {
        echo "<p>".base_decode($r1['data'])."</p>";
        echo "<p>".base_decode($r2['data'])."</p>";
    }
    else if($i==2)
    {
        echo "<p>".$r1['data']."</p>";
        echo "<p>".$r2['data']."</p>";
        echo "<p>".binary_decode($r1['data'])."</p>";
        echo "<p>".binary_decode($r2['data'])."</p>";
    }
    else
    {
        echo "<p>".base_decode(binary_decode($r1['data']))."</p>";
        echo "<p>".base_decode(binary_decode($r2['data']))."</p>";    
    }
}
?>

mysql tables for reference:

create table text_table(
tableid smallint not null auto_increment,
data varchar(200) not null,
PRIMARY KEY(tableid)
);

create table binary_table(
tableid smallint not null auto_increment,
data varbinary(200) not null,
PRIMARY KEY(tableid)
);

Tester timed out after 30 seconds. SO what are your thoughts? What did I do wrong?

2
Contributors
1
Reply
2
Views
4 Years
Discussion Span
Last Post by pritaeas
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.