是否可以使用sql参数化查询插入具有对称加密的加密列

时间:2012-08-13 05:24:23

标签: c# sql sql-server

我正在使用数据库加密,即 SQL Server 2008 Express 中的单元格级(cell-level)对称加密。但问题是用于插入的参数化查询不起作用,请帮帮我。

编辑:

我使用以下查询作为示例:

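// Inserts every row of dataTable into TableA, encrypting each column value server-side with ENCRYPTBYKEY.
// Each ArrayList entry is a "name,value" string that ExecuteParameterizedQuery splits at the comma and
// binds as a SQL parameter. No space follows the comma: a space there would become part of the value
// and be encrypted together with it.
foreach (var list in from DataRow row in dataTable.Rows select new ArrayList
                           {
                                 String.Format("@var1,{0}", row["Column1"]),
                                 String.Format("@var2,{0}", row["Column2"]),
                                 String.Format("@var3,{0}", row["Column3"])
                           })
    {
         // symKey / symCer are identifiers, and T-SQL cannot bind identifiers as parameters, so they are
         // formatted into the command text. They must come from trusted configuration, never from user input.
         //
         // The data values are referenced as bare @var1..@var3. Wrapping a placeholder in quotes ('@var1')
         // turns it into a string literal, so the text "@var1" would be encrypted instead of the row value,
         // and a leading '@' in front of ENCRYPTBYKEY is not valid T-SQL.
         //
         // NOTE(review): KEY_GUID uses the literal 'symKey' while OPEN uses the symKey variable; ENCRYPTBYKEY
         // returns NULL when the key it is given is not open, so confirm both refer to the same key.
         var query = String.Format(@"OPEN SYMMETRIC KEY {0} DECRYPTION BY CERTIFICATE {1};
                     INSERT INTO TableA (Column1, Column2, Column3) VALUES (ENCRYPTBYKEY(KEY_GUID('symKey'), @var1), ENCRYPTBYKEY(KEY_GUID('symKey'), @var2), ENCRYPTBYKEY(KEY_GUID('symKey'), @var3))", symKey, symCer);
         // NOTE(review): the returned error text is discarded here, so a failed insert goes unnoticed.
         con.Execute.ExecuteParameterizedQuery(query, list);
    }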

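/// <summary>
/// Runs <paramref name="query"/> inside a transaction, binding every entry of
/// <paramref name="parametersList"/> as a SQL parameter.
/// </summary>
/// <param name="query">Command text containing @name placeholders.</param>
/// <param name="parametersList">
/// Entries whose ToString() has the form "name,value". The entry is split at the first comma only,
/// so the value itself may contain commas. The value is bound exactly as written after that comma.
/// </param>
/// <returns>
/// An empty string on success; otherwise the value returned by Connect when it is not "Open",
/// or the message of the exception that aborted the command.
/// </returns>
public string ExecuteParameterizedQuery(string query, ArrayList parametersList)
{
      errorFlag = Connect(un, pasw, 3);
      if (String.CompareOrdinal(errorFlag, "Open") != 0)
      {
          myConnection.Close();
          myConnection.Dispose();
          return errorFlag;
      }

      SqlTransaction myTran = null;
      try
      {
          myTran = myConnection.BeginTransaction();
          cmd = new SqlCommand(query, myConnection) { Transaction = myTran };
          foreach (var entry in parametersList)
          {
              // Limit the split to two parts so a comma inside the value is not cut off.
              var split = entry.ToString().Split(new[] { ',' }, 2);
              if (split.Length != 2)
              {
                  throw new ArgumentException("Parameter entry must have the form \"name,value\".", "parametersList");
              }

              // AddWithValue infers NVARCHAR for a .NET string. When the parameter feeds ENCRYPTBYKEY,
              // the decrypted bytes must therefore be converted back to NVARCHAR, not VARCHAR.
              cmd.Parameters.AddWithValue(split[0].Trim(), split[1]);
          }

          cmd.ExecuteNonQuery();
          myTran.Commit();
          errorFlag = string.Empty;
      }
      catch (Exception e)
      {
          if (myTran != null)
          {
              try
              {
                  // Undo partial work explicitly instead of relying on the connection close below.
                  myTran.Rollback();
              }
              catch (Exception)
              {
                  // The transaction is already finished or the connection is gone; nothing left to undo.
              }
          }

          // Raw database error text: suitable for logs, not for display to end users.
          errorFlag = e.Message;
      }
      finally
      {
          myConnection.Close();
          myConnection.Dispose();
      }
      return errorFlag;
}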

编辑2:

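-- Encrypts @PlaneText with the symmetric key symKey.
-- The ciphertext is returned through the @SipherText OUTPUT parameter and as a one-row result set.
CREATE PROCEDURE ng_encryptString
(
    @PlaneText VARCHAR(500), @SipherText VARBINARY(2000) OUT
)
AS
BEGIN
-- The key has to be open in this session; ENCRYPTBYKEY returns NULL otherwise.
OPEN SYMMETRIC KEY symKey DECRYPTION BY CERTIFICATE SymCert;
-- Assign the OUTPUT parameter so callers that read it receive the ciphertext.
SET @SipherText = ENCRYPTBYKEY(KEY_GUID('SymKey'), @PlaneText);
-- Close the key so it does not stay open for the rest of the session.
CLOSE SYMMETRIC KEY symKey;
-- Also return the ciphertext as a result set for callers that read it that way.
SELECT @SipherText;
END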

1 个答案:

答案 0 :(得分:1)

我建议的是,

  1. 使用以下语句创建一个存储过程:

    -- Stores the three parameter values as given; per step 3 the caller passes already-encrypted values.
    -- NOTE(review): presumably Column1..Column3 are VARBINARY so ciphertext is stored unchanged; confirm.
    INSERT INTO TableA (Column1, Column2, Column3) VALUES(@val1,@val2,@val3)
    
  2. 现在在C#中创建一个encryptThestring(string val)函数,它接收明文输入值并返回对应的加密值。

  3. 最后在C#中调用该过程,并传入以下参数:

    // Pseudo-code: each line stands for the encrypted form of one column value,
    // passed to the INSERT procedure as @val1, @val2 and @val3 respectively.
    encryptThestring(string val1)
    encryptThestring(string val2)
    encryptThestring(string val3)
    
  4. 下面是对应的 C#/.NET 函数:

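    /// <summary>
    /// Encrypts <paramref name="val"/> by calling the ng_encryptString stored procedure and returns
    /// the ciphertext as a Base64 string.
    /// </summary>
    /// <param name="val">Plain-text value to encrypt.</param>
    /// <returns>
    /// Base64 encoding of the VARBINARY ciphertext. Decode it with Convert.FromBase64String before
    /// binding it to a VARBINARY column; ciphertext is binary and does not survive a VARCHAR round trip.
    /// </returns>
    /// <exception cref="System.InvalidOperationException">
    /// The procedure returned NULL instead of ciphertext.
    /// </exception>
    public string EncryptString(string val)
    {
        // "conn_string" is a placeholder; load the real connection string from protected configuration.
        // The using blocks release the connection and command even when the call throws.
        using (SqlConnection sqlconn = new SqlConnection("conn_string"))
        using (SqlCommand cmd = new SqlCommand("ng_encryptString", sqlconn)) // the sproc which encrypts the string
        {
            cmd.CommandType = CommandType.StoredProcedure;

            // Stored-procedure parameters are matched by name, so this must be the procedure's @string.
            // NOTE(review): the accompanying procedure declares @string as varchar(255); longer input is
            // presumably truncated server-side before encryption. Align the sizes or reject long input.
            SqlParameter param1 = cmd.Parameters.Add("@string", SqlDbType.VarChar, 500);
            param1.Direction = ParameterDirection.Input;
            param1.Value = val;

            // The procedure's output is varbinary(2000); reading it as VarChar would corrupt the bytes.
            SqlParameter param3 = cmd.Parameters.Add("@encryptedStr", SqlDbType.VarBinary, 2000);
            param3.Direction = ParameterDirection.Output;

            sqlconn.Open();
            cmd.ExecuteNonQuery();

            byte[] cipher = param3.Value as byte[];
            if (cipher == null)
            {
                // ENCRYPTBYKEY yields NULL when the key is not open; fail instead of storing nothing.
                throw new System.InvalidOperationException("ng_encryptString returned no ciphertext.");
            }

            return System.Convert.ToBase64String(cipher);
        }
    }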
    

    sproc ng_encryptString

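    -- Encrypts @string with the symmetric key TestTableKey and returns the ciphertext in @encryptedStr.
    --
    -- NOTE(review): the three IF NOT EXISTS blocks create the database master key, the certificate and
    -- the symmetric key on first use. Every caller then needs rights to create keys, and the master-key
    -- password sits in the procedure text where anyone who can view the definition can read it.
    -- Provisioning belongs in a one-time deployment script run by an administrator.
    -- 'yourpassword' and 'yoursubject' are placeholders.
    CREATE Procedure [dbo].[ng_encryptString]
    @string varchar(255),
    @encryptedStr varbinary(2000)  OUTPUT

    As
    Begin

    IF NOT EXISTS(select * from sys.symmetric_keys where name='##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION
    BY PASSWORD = 'yourpassword';

    IF NOT EXISTS(select * from sys.certificates where name='EncryptTestCert')
    CREATE CERTIFICATE EncryptTestCert
    WITH SUBJECT = 'yoursubject';

    -- AES_256 rather than TRIPLE_DES: 3DES has a 64-bit block and is deprecated for new data.
    -- An existing TestTableKey is left untouched, so data already encrypted with it stays readable.
    IF NOT EXISTS(select * from sys.symmetric_keys where name='TestTableKey')
    CREATE SYMMETRIC KEY TestTableKey
    WITH ALGORITHM = AES_256 ENCRYPTION
    BY CERTIFICATE EncryptTestCert;

    -- The key has to be open in this session; ENCRYPTBYKEY returns NULL otherwise.
    OPEN SYMMETRIC KEY TestTableKey DECRYPTION
    BY CERTIFICATE EncryptTestCert;

    SELECT @encryptedStr=ENCRYPTBYKEY(KEY_GUID('TestTableKey'),@string);

    -- Close the key so it does not stay open for the rest of the session.
    CLOSE SYMMETRIC KEY TestTableKey;

    end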