Skip to content

PHP string to hex and hex to string functions

In my opinion SQL injection is an major issue when it comes to web application development. Typically programmers deal with it by escaping strings, while this is probably the best way to get it handled i want to show you different yet effective approach to this problem – converting string to hex value.

Hex value consists of digits and letters from A to F, so this are “normal” chars which can be inserted safely into query, furthermore you can convert any string into hex value. It doesn’t matter what encoding you are going to use, or what kind of text you are converting (plain text, html, xml, etc).

Converting string to hex

Without any further ado here is a script for converting string into HEX. Actually i should credit someone for this code because i am not the one who wrote it in the first place but unfortunately i do not remember where i found it.

function strToHex($string)
    for ($i=0; $i < strlen($string); $i++)
        $hex .= dechex(ord($string[$i]));
    return $hex;

Converting string to hex

Now converting backwards – hex to string.

function hexToStr($hex)
    for ($i=0; $i < strlen($hex)-1; $i+=2)
        $string .= chr(hexdec($hex[$i].$hex[$i+1]));
    return $string;

Well it all looks good and wonderful, but as always there are no roses without torns. First of all string converted to hex value is twice as long as original string. Second if you are going to use hex data in database then handling data may become a bit complicated.

Published inGeneral


  1. i have checked itโ€™s really great

  2. asusl asusl

    Second if you are going to use hex data in database then handling data may become a bit complicated.

    — Thanks for this. Very important.

  3. Actually, this is not 100% working. It omits the “0” before the numbers < 0x10. You will get lots of 0xA, 0xB etc instead of 0x0A or 0x0B. I have put myself a condition and now it really works great.

  4. Thanks for sharing Sergiu, i knew there was something wrong but i couldn’t figure it out :)

  5. Thanks for the script. I found a little problem with your post, you put “Converting string to hex” on the section of hex to string.

  6. Looks awesome.

    Did you update the script above with Sergui’s suggestion?

  7. Martin Martin

    I fixed the strToHex so that it will add “0” when required. Also it will do un UpperCase.

    and Tks for your help.

    function strToHex($string)
    //return bin2hex($string);
    for ($i=0; $i < strlen($string); $i++)
    if (ord($string[$i])<16)
    $hex .= "0";
    $hex .= dechex(ord($string[$i]));
    return strtoupper($hex);

  8. joan joan

    how can i get the string value for this hex value: 0x0C?

    the expected output is: \f

    this returns empty:

    any idea how to get more than one char value from hex?

  9. phpnewbie phpnewbie

    62E 635 645 20 35 30 30 2E 30 30 30 20 4B 57 44 20 645 646 20 62D 633 627 628 20 32 35 38 38 627 644 645 62A 628 642 64A 20 31 2C 34 32 31 2E 36 31 32 20 4B 57 44 20 627 644 645 62A 648 641 631 20 31 2C 34 32 31 2E 36 31 32 20 4B 57 44

    this function does nt work with this..!!

  10. sun0x0001 sun0x0001

    Yo! Thanks for hexToStr() func!
    Suppose alternative might be usefull for smb:

    $s = preg_replace(‘#(\w)(\w)#e’, “chr(hexdec(‘$1$2’))”, $hex);

  11. cvk cvk

    strToHex doesn’t work as expected. Try this instead:

    function strToHex($string)
    for ($i=0; $i < strlen($string); $i++)
    $hex .= sprintf("%02x",ord($string[$i]));
    return $hex;

  12. Hi, unfortunately (or fortunately) i must agree to Paul Gregg. Looping large strings (for example files to be handled in sql inserts) 5Mb file convertion on my server is at ~5 seconds. If you add check for 0x0 => 0x00 then it becomes ~ 8seconds when using unpack(‘H*’) takes 1.5seconds.

    On the other hand using looping gives additional control over process so thanks for this too.

  13. Thanks for really helps for the beginers.Can you let me how can i generate hex code for chinesse language and shown in front-end?

  14. yippy yippy

    base64 anyone? ๐Ÿ˜€

  15. Komb Komb

    If you need to convert string to hex, just use built-in function:


    For reverse conversion native hex2bin() is in manual, but not yet implemented :(

    I use sun0x0001 method – nice and short. Tested on urls.

  16. Shawn Shawn

    Hey, I am attempting to carve raw dumps of data for input with a PHP script. I am doing this for fun. Perhaps you could assist me? My problem is outlined here,

    I used your strhex functions and they work great!

    Just need to figure out why my script is ignoring those zeros :(

    Thanks so much! Send me an e-mail please! e.x.c.a.b.u.s.@.g.m.a.i.l DAWT CAWM

  17. Never thought this way… escaping string is much easier.
    Bookmarked it for future reference…

  18. Great couple of functions Greg, and nice fix Sergiu. Thanks

  19. Great Post !
    I just want to get String to Hex in C#
    Some one help me..

  20. the problem is when –>
    // $string[$i] is a byte –> 00 to FF –>(code ASCII 00-255)
    $hex ==0;
    //and the same when the byte is for example–> $string[$i]==04
    //because dechex(ord(04))==4
    //the solution is for example a string of 102 bytes of a bmp file–>
    for ($i=0; $i

  21. <?php
    for ($i=0; $i

  22. Warning: the code may fail for strings containing hex 0x00 to 0x09 !!!
    (for example,
    echo strToHex($str); //Expect: “0101” Actual result: “11”
    echo strToHex(“\x00\x00”); //Expect: “0000” Actual result: “00”
    bug here:
    $hex .= dechex(ord($string[$i]));
    should be
    $hex .= str_pad(dechex(ord($string[$i])),2,”0″,STR_PAD_LEFT);

  23. Wow.. that’s great dude..
    Thanks for the script..

Leave a Reply

Your email address will not be published. Required fields are marked *