This is an overly simplified answer and should be taken with a grain of salt, as most answers about security:

这是一个过于简化的答案，应该持保留态度，因为大多数关于安全性的答案是：

• Use SSL everywhere.

• Use a secure encryption key

• 在任何地方使用 SSL。

• 使用安全的加密密钥

For storage of encrypted data, you could use a BLOBfield, and use MySQL's built in encryption functions. Example:

对于加密数据的存储，您可以使用一个BLOB字段，并使用 MySQL 的内置加密函数。例子：

update mytable set myfield = AES_ENCRYPT('some value', SHA2('your secure secret key', 512));

If you prefer to do the encryption/decryption in the application code, take a look at PHP's Mcryptfunctions.

如果您更喜欢在应用程序代码中进行加密/解密，请查看 PHP 的Mcrypt函数。

• Encrypt the user input
• Store in the database
• Decrypt it after fetching it

• 加密用户输入
• 存储在数据库中
• 获取后解密

This is by no means a complete guide, but it's a start and better than doing nothing.

这绝不是一个完整的指南，但它是一个开始，总比什么都不做要好。

You may be able to learn more on https://security.stackexchange.com/

您可以在https://security.stackexchange.com/上了解更多信息

SQL query with key in it (as Wesley Murch suggests) is not a good idea. If you do:

带有键的 SQL 查询（正如 Wesley Murch建议的那样）不是一个好主意。如果你这样做：

update mytable set myfield = AES_ENCRYPT('some value', 'your secure secret key');

... and the query gets logged (slowlog for inst.) your secure secret key is captured in plain text, which should never happen. Such a query with the secret key would be also visible when you run query like SHOW PROCESSLIST.

...并且查询被记录（inst 的慢日志）您的安全密钥以纯文本形式捕获，这永远不会发生。当您运行类似SHOW PROCESSLIST.

Next problem where to store the secure key? In PHP file? It is again plain text.

下一个问题在哪里存储安全密钥？在 PHP 文件中？它又是纯文本。

Encrypt data:

加密数据：

Use private/public key encryption (http://en.wikipedia.org/wiki/Public-key_cryptography). PHP has quite good support for it.

使用私钥/公钥加密 ( http://en.wikipedia.org/wiki/Public-key_cryptography)。PHP 对它有很好的支持。

• Public keys can be stored with the user in DB, it is public.
• Private key can be encrypted with user's password. When user logs in, you decrypt the private key and store it in his cookies (if you use SSL, it is not that bad place) or session. Both are not perfect but better than plain text in php file.
• Use the public key to encrypt, private key to decrypt.
• Only user will have the access to his data.

• 公钥可以与用户一起存储在数据库中，它是公开的。
• 私钥可以用用户的密码加密。当用户登录时，您解密私钥并将其存储在他的 cookie（如果您使用 SSL，这不是那么糟糕的地方）或会话中。两者都不完美，但比 php 文件中的纯文本要好。
• 用公钥加密，用私钥解密。
• 只有用户才能访问他的数据。

If you want to learn more, you can google "user controlled encryption" or "zero knowledge privacy".

如果你想了解更多，你可以谷歌“用户控制加密”或“零知识隐私”。

SQL inserts / XSS:

SQL 插入/XSS：

The best protection is secure app. No doubt. If you want to secure it, you can use for inst PHP IDS to detect attacks: https://github.com/PHPIDS/PHPIDS

最好的保护是安全的应用程序。毫无疑问。如果你想保护它，你可以使用 inst PHP IDS 来检测攻击：https: //github.com/PHPIDS/PHPIDS

I have quite good experience with it.

我有很好的经验。

As implied in the comments, you are asking a huge question. You are going to need to research a number of separate issues:

正如评论中暗示的那样，您提出了一个很大的问题。您将需要研究许多单独的问题：

• SQL Injection and how to prevent it
• XSS and how to prevent it
• encrypting submitted form data using SSL
• best practices for storing sensitive information in a database

• SQL注入以及如何防止它
• XSS 以及如何防止它
• 使用 SSL 加密提交的表单数据
• 在数据库中存储敏感信息的最佳实践

It would be hard to address all of them in one answer. I would suggest performing some searches on this site for the topics mentioned above.

很难在一个答案中解决所有这些问题。我建议在本网站上对上述主题进行一些搜索。