使用PHP在数据库中进行加密数据搜索

I have a search function that I am upgrading to support AES Encryption and for the life of me I don't know what I'm doing wrong.

I am passing the same queries through a search box as I did before I encrypted the data on the database side and I'm not returning any SQL errors. It just shows zero results every time.

Example of the database before encryption:

*****************************************************
* Firstname * Surname * Telephone * Email           *
*****************************************************
* Bob       * Smith   * 0193847   * bob@me.com      *
* Jane      * McBean  * 0584383   * jane@mail.com   *
*****************************************************

Example of the database with encryption:

*****************************************************
* Firstname * Surname * Telephone * Email           *
*****************************************************
* 2d1c5749  * 82559acc* fa3bc41c5 * 759d082559      *
* 13c5802a  * 070e76f8* 70e76f8fe * feaa0ac1635c    *
*****************************************************

The previous working (non encrypted) version:

if(isset($_POST["search"]) && strlen($_POST["search"]) > 3) {
$Search = filter_var($_POST["search"], FILTER_SANITIZE_STRING);
$Search = strip_tags($Search);
$Search_String = filter_var($_POST["search"], FILTER_SANITIZE_STRING);
$Search = "%$Search%";

    $Search_String = filter_var($Search_String, FILTER_SANITIZE_STRING);
            if(strlen(empty($Search_String))){ $error[] = 'The search string is empty';}

if(!isset($error)) {
$Search_list = $dbconn->prepare("SELECT sql_calc_found_rows
                                  event_candidate.id AS candidate_id,
                                  event_candidate.firstname,
                                  event_candidate.surname,
                                  event_candidate.telephone,
                                  event_candidate.email,
                                  FROM event_candidate
                                  WHERE CONCAT_WS(' ', event_candidate.firstname, event_candidate.surname, event_candidate.telephone, event_candidate.email) LIKE ?
                                  "); 
    $Search_list->execute(array($Search));

New code that doesnt return anything:

    $Search = filter_var($_POST["search"], FILTER_SANITIZE_STRING);
    $Search = strip_tags($Search);
    $Search_String = filter_var($_POST["search"], FILTER_SANITIZE_STRING);
    $Search = "%".$Search."%";

$Search_list = $dbconn->prepare("SELECT sql_calc_found_rows
                              event_candidate_demo.id AS candidate_id,
                              event_candidate_demo.firstname,
                              event_candidate_demo.surname,
                              event_candidate_demo.telephone,
                              event_candidate_demo.email,
                              FROM event_candidate_demo
                              WHERE CONCAT_WS(' ', AES_DECRYPT(event_candidate_demo.firstname, UNHEX(:key)), AES_DECRYPT(event_candidate_demo.surname, UNHEX(:key)), AES_DECRYPT(event_candidate_demo.telephone, UNHEX(:key)), AES_DECRYPT(event_candidate_demo.email, UNHEX(:key))) LIKE ':search'
                              "); 
$Search_list->bindParam(':key', $Site_Key, PDO::PARAM_INT);
$Search_list->bindParam(':search', $Search, PDO::PARAM_STR);
$Search_list->execute();

So if i searched for anything realted to Bob it would load the correct record, however I do the same with the encrypted data and it always returns zero results.

I'm not sure if it's the AES_DECRYPT causing the issue or the switch to BindParam.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dpjuppr1361 2018-05-02 12:08
关注
Data when encrypted becomes to resemble random noise. It will also never be the same(if it does you have bad encryption)

There are two solutions for your problem:

Fetch each row from the database, decrypt, compare. <-- Takes a lot of time

Store hashed keys, and compare hashes. <-- Way less secure, makes guessing data easier

You will have to chose one of the two evils depending on the sensitivity, need for speed and risk assesment.

Say you go with option 2 you would have two columns for the first name

event_candidate.firstname, event_candidate.firstname_hash,

in the firstname field you store the encrypted name.
in the firstname_hash you store the hash of the firstname

You can use something like hash('sha512', strtolower($unencrypted_name)) to encrypt the hash.

Then to select data from it you can then do

$select = hash('sha512', strtolower($unencrypted_name)); $Search_list->bindParam(':search', $select, PDO::PARAM_STR);

However, you can then only do exact matches. The entire firstname needs to match, an extra incidental space can obstruct a match.

There are even more secure ways to hash it, using hmacs and other methods. The sample I provided is just to illustrate the base concept. You will have to perform your own risk analysis and sensitivity of the data.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

使用PHP在数据库中进行加密数据搜索 mysql php
2018-05-02 10:49

回答 2 已采纳 Data when encrypted becomes to resemble random noise. It will also never be the same(if it does yo
存储在数据库中的Woocommerce数据的加密格式 database php
2017-10-29 06:41

回答 3 已采纳 The data is in a serialized protected format You could try to use json_decode(), unserialize()
在Nodejs中加密并在PHP中解密 php
2019-02-02 14:40

回答 1 已采纳 Your method is not secure and can also be victim to man in the middle attacks, you should always u
Laravel 数据库加密及数据库表前缀配置方法
2021-01-21 19:22

前提是你项目根目录下有个.env文件，如果没有,敲命令 ”echo 内容 >.env“，生成一个.env 文件（不带引号哦），然后把根路径下的.env.example的内容复制进去，再运行 php artisan key:generate。如果重新生成了k
Php如何实现base64加密数据和java互通 java php
2020-03-20 21:45

回答 2 已采纳 ``` = 3) { for($i=0;$i_debug) { echo '$bin = ',decbin($bin),"\n";
数据库PASSWORD加密失败 mysql 数据库
2022-05-03 14:38

回答 1 已采纳看起来是你的语法报错，检查一下括号是不是英文的，单引号是不是英文的。从你的图片上看应该是括号写成了中文的导致的。
C# 使用变量来保存重要数据是否需要进行加密? c#
2021-08-24 09:30

回答 3 已采纳楼上说的对，题主这思路就不对，如果你使用数据的话，数据库可以帮你搞定密码储存问题。自己做的话常规思路都是只保存一个HASH值，不保存密码明文，用户输入密码后计算一下HASH，对比一下保存的，看是否一样
大数据技术之云数据库
2021-05-05 22:05

编程小吉的博客云数据库是部署和虚拟化在云计算环境中的数据库 云数据库是在云计算的大背景下发展起来的一种新兴的共享基础架构的方法，它极大地增强了数据库的存储能力，消除了人员、硬件、软件的重复配置，让软、硬件升级变得...
php怎么对视频播放地址进行加密 javascript php
2020-09-04 15:33

回答 1 已采纳 https://blog.csdn.net/qincidong/article/details/82781699
如何在查询中使用加密密码？ mysql php
2016-05-16 19:37

回答 1 已采纳 You don't. Look up the user by some identifier (like a username or email address) and then check i
在PHP中加密文本并在Python中解密 php python
2019-01-14 06:49

回答 1 已采纳 The main issue here is that you're using different key-size. PHP's openssl_encrypt determines the
大数据中不同文件格式的比较
2021-12-01 11:15

DisonTangor的博客在数据处理中，有不同类型的文件格式来存储您的数据集。每种格式都有自己的优缺点，具体取决于用例，并且存在用于一个或多个目的。在选择特定格式类型时，了解并利用它们的特性非常重要。某些格式与某些用途或处理...
关于用户注册时的加密数据问题数据库
2017-01-14 06:10

回答 1 已采纳实际的时候，一般用的jar包，就是工具来加密的。用工具降低了数据库资源的使用，因为有的mysql数据库限制了内存和cpu的。但是使用mysql的md5()更方便。
使用phpMyAdmin进行WordPress数据库管理的初学者指南
2020-09-12 12:15

cumyupx7788305的博客 WordPress is written using PHP as its scripting language and MySQL as its database management system. In order to use WordPress, you don’t really need to learn ... WordPress是使用PHP作为其脚本语言...
2023大数据面试题+附答案
2023-04-26 23:19

小獾哥的博客 2023大数据面试题+附答案。
没有解决我的问题, 去提问

悬赏问题

¥15 求一个智能家居控制的代码
¥15 ad软件 pcb布线pcb规则约束编辑器where the object matpcb布线pcb规则约束编辑器where the object matchs怎么没有+15v只有no net
¥15 虚拟机vmnet8 nat模式可以ping通主机，主机也能ping通虚拟机，但是vmnet8一直未识别怎么解决，其次诊断结果就是默认网关不可用
¥20 求各位能用我能理解的话回答超级简单的一些问题
¥15 yolov5双目识别输出坐标代码报错
¥15 这个代码有什么语法错误
¥15 给予STM32按键中断与串口通信
¥15 使用QT实现can通信
¥15 关于sp验证的一些东西，求告知如何解决，
¥35 关于#javascript#的问题：但是我写的只能接码数字和字符，帮我写一个解码JS问题

使用PHP在数据库中进行加密数据搜索

2条回答 默认 最新

悬赏问题

2条回答默认最新