Thanks Dave and DrDOS for your responses. I hadn't really considered the fact that the symmetric encryption is all that needs to be cracked to access the data. The problem I'm struggling with is the idea that I want the data to be encrypted so that only the user will have access to it; I want to make it impossible for even me to access it.
From what I've read thus far, public key encryption provides the best security, but in an ideal world the private key is stored on the user's machine, not in the database with the public key.
I'm going to look into this further, but if you or anyone else has any thoughts on improving the above method, then please let me know.
Many thanks again,
"An expert is a person who has made all the mistakes that can be made in a very narrow field."