No, that is not safe. All of those values are in the database. As a result, anyone who accesses the database can derive the key, decrypt the values, and read the data.
Your original idea is better: use the output of a key derivation algorithm such as SCRYPT(don't just hash the password, its too weak) on the user's password as your encryption key. Then store a version of that in the user's session. Of course, you need to make sure session data is stored securely and deleted completely after user logout/idle. One fail safe way to do this is write the data to a file yourself, store the file name in the session, and then securely delete the file (e.g. via the shred command or overwriting with random data).