如何在microsoft sql数据库中存储加密数据并检索并解密它

时间:2017-09-30 15:23:23

标签: php sql-server encryption

使用以下类加密和解密我的数据

    <?php

class ConnectionInfo  
{
    public $mServerName;
    public $mConnectionInfo;
    public $conn;

    public function GetConnection()
    {
        # code...
        $this->mServerName =  "DESKTOP-ES2IEHB\SQLEXPRESS";
        $this->mConnectionInfo =  array("Database"=>"thefaithdb");
        $this->conn = sqlsrv_connect($this->mServerName,$this->mConnectionInfo);

        return $this->conn;
    }

    public function my_simple_crypt( $string, $action = 'e',$algo ) {
        // you may change these values to your own
        $secret_key = 'my_simple_secret_key';
        $secret_iv = 'my_simple_secret_iv';

        $output = false;
        $encrypt_method = "AES-256-CBC";
        $key = hash( $algo, $secret_key );
        $iv = substr( hash( $algo, $secret_iv ), 0, 16 );

        if( $action == 'e' ) {
            $output = base64_encode( openssl_encrypt( $string, $encrypt_method, $key, 0, $iv ) );
        }
        else if( $action == 'd' ){
            $output = openssl_decrypt( base64_decode( $string ), $encrypt_method, $key, 0, $iv );
        }

        return $output;
    }

}


?>

当我使用该类来解密数据并加密而不存储在数据库中时,当字符串具有所有长度时,它可以正常工作

 <?php
 require_once(dirname(__FILE__).'/Secure.php');
$mainpass = "ALSONG DUSTAN PHILANDER";
//MD5 encryption

$options = [
    'cost' => 12,
];

$mSecure = new SecurityClass();


$encrypted = $mSecure->my_simple_crypt( $mainpass, 'e','sha512' );

$decrypted = $mSecure->my_simple_crypt($encrypted, 'd','sha512' );


echo "encrypted $encrypted<br/>";
echo "decrypted $decrypted<br/>";



?>

这是输出 It is in the link

现在我用这段代码存储mssql数据库

    <?php
 require_once(dirname(__FILE__).'/ConnectionInfo.php' );

 //Get up our connection
 $mConnectionInfo = new ConnectionInfo ();
 $mConnectionInfo->GetConnection();

 if ($mConnectionInfo->conn) {
     # code...
     echo "Connected<br/>";
 }


       $encrypted = $mConnectionInfo->my_simple_crypt('ALSONG DUSTAN PHILANDER'  , 'e','sha384' );
        $myparams['Item_Name'] = $encrypted;

        $encrypted2 = $mConnectionInfo->my_simple_crypt('56'  , 'e','sha384' );
        $myparams['Item_Age'] = $encrypted2;



        $parameters = array(array(&$myparams['Item_Name'],SQLSRV_PARAM_IN),
                            array(&$myparams['Item_Age'],SQLSRV_PARAM_IN));

        $sql = "EXEC spGetUser @Item_Name = ? , @Item_Age = ? ";

        $stmt = sqlsrv_prepare($mConnectionInfo->conn,$sql,$parameters);

        $work = sqlsrv_execute($stmt);

        if ($work) {
            # code...
            echo "Successful $encrypted<br/>";
        }
        else {
            # code...
            echo "Connection Failed.<br/>";
            die(print_r(sqlsrv_errors(),true));
        }
?>

哪个是成功的,然后当我想使用存储过程从数据库中检索它时

    CREATE PROCEDURE [dbo].[spGetAge]
    @Item_Name nvarchar(max) 
AS
    SELECT Name AS IDName,Age FROM [User] WHERE Name = @Item_Name
RETURN 0

然后这是检索它的PHP代码

<?php
    require_once(dirname(__FILE__).'/ConnectionInfo.php' );


        //Get up our connection
        $mConnectionInfo = new ConnectionInfo ();
        $mConnectionInfo->GetConnection();

        if ($mConnectionInfo->conn) {
            # code...
            echo "Connected<br/>";
        }

       $encrypted1 = $mConnectionInfo->my_simple_crypt('ALSONG DUSTAN PHILANDER'  , 'e','sha384' );
         $myparams2['Item_Name'] = $encrypted1;

         $params = array(array(&$myparams2['Item_Name'],SQLSRV_PARAM_IN));


         $sql2 = "EXEC spGetAge @Item_Name = ?";
         $stmt2 = sqlsrv_prepare($mConnectionInfo->conn,$sql2,$params);
         $work = sqlsrv_execute($stmt2);




        if(!$stmt2)
        {
            echo "Query failed <br/>";
            die( print_r( sqlsrv_errors(), true) );
        }
        else{
         $row = sqlsrv_fetch_array($stmt2,SQLSRV_FETCH_ASSOC);

         $name = $row['IDName'];
         if ($name==null) {
             # code...
             echo "Empty";
         }

        $decrypted = $mConnectionInfo->my_simple_crypt($row['IDName'], 'd','sha384' );
         $decrypted2 = $mConnectionInfo->my_simple_crypt($row['Age'], 'd','sha384' );


            echo "The age is $decrypted2 of $decrypted <br/>";
            echo  $row['IDName'] ;
            echo "<br/> The name is  $encrypted1";


        }



?>

输出是 In the link below

只有当我的加密输入字符串长度超过14个字符时才会出现此问题。在将数据存储到数据库中然后对其进行解密后,如何才能使其工作成功。谢谢你的帮助

1 个答案:

答案 0 :(得分:0)

我觉得像php加密是错误的方式去... 如果您将数据存储在SQL服务器中,那么您拥有所需的所有工具。 给this一篇文章。 一旦知道要使用多少层加密,就可以在服务器上创建证书和密钥。 如果你想获得sql server上的信息 - 编写一个在mssql服务器上使用你的组件的存储过程,如果你想让它显示出来,请准备好一个存储过程来解密它们(你应该拥有它,因为数据是如果没有在mssql服务器上解密,那将无法读取)。