How to encrypt and execute your PHP code with MCRYPT or OPENSSL

Hello! While the scenario in which you would want to encrypt your PHP code and then execute it may not be common, I consider it an interesting discussion nonetheless. I fully support free and open source software; however, if you are developing an application that manages or monitors systems or services, or an application that needs to reside in a “hostile” environment, it may be pertinent to consider encrypting the code before executing it. This protects your code from being read (and ultimately executed) unless the proper key is supplied to decrypt it. In the following example and breakdown, we will (separately) use both Mcrypt and OpenSSL to encrypt a block of code with a specified key. We will then use that same key to decrypt the encrypted code in order to run it. The reason why I am giving both […]

Securing your MySQL queries from SQL injection in PHP

Hello! There are many strategies for securing your code against malicious user input. Some frameworks have checks and balances built in. There are also simple standard PHP functions designed to strip tags and illegal characters from variables, such as strip_tags and filter_var. Those standard functions are good for basic input filtering, but they will not protect you 100%. For example, with strip_tags, you can still escape the filter and inject JavaScript into the request:

So what do you do? Well, this post was written mainly to cover SQL injection in MySQL queries in PHP. Before we get to that, I’ll touch on one option, which is to create your own customized input sanitizing function. The function can be adjusted based on the queries, commands and risk factors that depend on what your code actually does. Using str_replace, you could craft your own function […]