如何使用 AES_ENCRYPT 和 PDO 准备语句改进 PHP 中大型加密数据库的解决方法?
How to improve the workaround in PHP for large encrypted databases using AES_ENCRYPT with PDO prepared statements?
在 MySQL 中使用准备好的语句,您只需使用一个参数一次。
如下例所示的编码将调用“SQLSTATE[HY093]:参数编号无效”
$enigma = 'ThisIsTheSecretEncryptionKey';
$data = [
'name' => $name,
'first_name' => $first_name,
'gender' => $gender,
'birthdate' => $birthdate,
'email' => $email,
'profession' => $profession,
'enigma' => $enigma
];
$sql = "INSERT INTO members
(name , firstname , gender , birthdate, email, profession)
VALUES(
AES_ENCRYPT(:name, :enigma),
AES_ENCRYPT(:first_name, :enigma),
AES_ENCRYPT(:gender, :enigma),
AES_ENCRYPT(:birthdate, :enigma)
AES_ENCRYPT(:email, :enigma)
AES_ENCRYPT(:profession, :enigma)
)";
$pdo->prepare($sql)->execute($data);
为了克服这个问题,我找到了这个解决方案:
$enigma = 'ThisIsTheSecretEncryptionKey';
$data = [
'name' => $name,
'first_name' => $first_name,
'gender' => $gender,
'birthdate' => $birthdate,
'email' => $email,
'profession' => $profession,
'enigma' => $enigma,
'enigma2' => $enigma,
'enigma3' => $enigma,
'enigma4' => $enigma,
'enigma5' => $enigma,
'enigma6' => $enigma,
];
$sql = "INSERT INTO members
(name , firstname , gender , birthdate, email, profession)
VALUES(
AES_ENCRYPT(:name, :enigma),
AES_ENCRYPT(:first_name, :enigma2),
AES_ENCRYPT(:gender, :enigma3),
AES_ENCRYPT(:birthdate, :enigma4)
AES_ENCRYPT(:email, :enigma5)
AES_ENCRYPT(:profession, :enigma6)
)";
$pdo->prepare($sql)->execute($data);
它有效,但它不是一个真正顺利的解决方案,尤其是当涉及到包含大量列的表时。
在 MySQL?
的加密数据库中是否有其他方法使用准备好的语句
至少有两个选项
首先,您可以启用 emulation mode for PDO(或者,不要在连接选项中禁用它)。在这种情况下,PDO 将开始在命名占位符方面表现得明智,并允许您重用它们,因此您只需定义一次。
$data = [
'name' => $name,
'first_name' => $first_name,
'gender' => $gender,
'birthdate' => $birthdate,
'email' => $email,
'profession' => $profession,
'enigma' => $enigma,
];
$sql = "INSERT INTO members
(name , firstname , gender , birthdate, email, profession)
VALUES(
AES_ENCRYPT(:name, :enigma),
AES_ENCRYPT(:first_name, :enigma),
AES_ENCRYPT(:gender, :enigma),
AES_ENCRYPT(:birthdate, :enigma)
AES_ENCRYPT(:email, :enigma)
AES_ENCRYPT(:profession, :enigma)
)";
另一种选择是使用 SQL 变量。您可以 运行 一个查询(如果所有表都使用相同的谜,您可以 运行 在连接后每个脚本执行一次这个查询)
$pdo->prepare("SET @aes_enigma=:enigma")->execute([$enigma]);
然后在您的查询中使用这个变量
$data = [
'name' => $name,
'first_name' => $first_name,
'gender' => $gender,
'birthdate' => $birthdate,
'email' => $email,
'profession' => $profession,
];
$sql = "INSERT INTO members
(name , firstname , gender , birthdate, email, profession)
VALUES(
AES_ENCRYPT(:name, @aes_enigma),
AES_ENCRYPT(:first_name, @aes_enigma),
AES_ENCRYPT(:gender, @aes_enigma),
AES_ENCRYPT(:birthdate, @aes_enigma)
AES_ENCRYPT(:email, @aes_enigma)
AES_ENCRYPT(:profession, @aes_enigma)
)";
但老实说,我会不惜一切代价避免使用加密数据库。可能是几个表中的一些选定字段。但是鉴于你不能对加密数据使用索引,只有最多几千行的玩具数据库才真正可用。
在 MySQL 中使用准备好的语句,您只需使用一个参数一次。 如下例所示的编码将调用“SQLSTATE[HY093]:参数编号无效”
$enigma = 'ThisIsTheSecretEncryptionKey';
$data = [
'name' => $name,
'first_name' => $first_name,
'gender' => $gender,
'birthdate' => $birthdate,
'email' => $email,
'profession' => $profession,
'enigma' => $enigma
];
$sql = "INSERT INTO members
(name , firstname , gender , birthdate, email, profession)
VALUES(
AES_ENCRYPT(:name, :enigma),
AES_ENCRYPT(:first_name, :enigma),
AES_ENCRYPT(:gender, :enigma),
AES_ENCRYPT(:birthdate, :enigma)
AES_ENCRYPT(:email, :enigma)
AES_ENCRYPT(:profession, :enigma)
)";
$pdo->prepare($sql)->execute($data);
为了克服这个问题,我找到了这个解决方案:
$enigma = 'ThisIsTheSecretEncryptionKey';
$data = [
'name' => $name,
'first_name' => $first_name,
'gender' => $gender,
'birthdate' => $birthdate,
'email' => $email,
'profession' => $profession,
'enigma' => $enigma,
'enigma2' => $enigma,
'enigma3' => $enigma,
'enigma4' => $enigma,
'enigma5' => $enigma,
'enigma6' => $enigma,
];
$sql = "INSERT INTO members
(name , firstname , gender , birthdate, email, profession)
VALUES(
AES_ENCRYPT(:name, :enigma),
AES_ENCRYPT(:first_name, :enigma2),
AES_ENCRYPT(:gender, :enigma3),
AES_ENCRYPT(:birthdate, :enigma4)
AES_ENCRYPT(:email, :enigma5)
AES_ENCRYPT(:profession, :enigma6)
)";
$pdo->prepare($sql)->execute($data);
它有效,但它不是一个真正顺利的解决方案,尤其是当涉及到包含大量列的表时。 在 MySQL?
的加密数据库中是否有其他方法使用准备好的语句至少有两个选项
首先,您可以启用 emulation mode for PDO(或者,不要在连接选项中禁用它)。在这种情况下,PDO 将开始在命名占位符方面表现得明智,并允许您重用它们,因此您只需定义一次。
$data = [
'name' => $name,
'first_name' => $first_name,
'gender' => $gender,
'birthdate' => $birthdate,
'email' => $email,
'profession' => $profession,
'enigma' => $enigma,
];
$sql = "INSERT INTO members
(name , firstname , gender , birthdate, email, profession)
VALUES(
AES_ENCRYPT(:name, :enigma),
AES_ENCRYPT(:first_name, :enigma),
AES_ENCRYPT(:gender, :enigma),
AES_ENCRYPT(:birthdate, :enigma)
AES_ENCRYPT(:email, :enigma)
AES_ENCRYPT(:profession, :enigma)
)";
另一种选择是使用 SQL 变量。您可以 运行 一个查询(如果所有表都使用相同的谜,您可以 运行 在连接后每个脚本执行一次这个查询)
$pdo->prepare("SET @aes_enigma=:enigma")->execute([$enigma]);
然后在您的查询中使用这个变量
$data = [
'name' => $name,
'first_name' => $first_name,
'gender' => $gender,
'birthdate' => $birthdate,
'email' => $email,
'profession' => $profession,
];
$sql = "INSERT INTO members
(name , firstname , gender , birthdate, email, profession)
VALUES(
AES_ENCRYPT(:name, @aes_enigma),
AES_ENCRYPT(:first_name, @aes_enigma),
AES_ENCRYPT(:gender, @aes_enigma),
AES_ENCRYPT(:birthdate, @aes_enigma)
AES_ENCRYPT(:email, @aes_enigma)
AES_ENCRYPT(:profession, @aes_enigma)
)";
但老实说,我会不惜一切代价避免使用加密数据库。可能是几个表中的一些选定字段。但是鉴于你不能对加密数据使用索引,只有最多几千行的玩具数据库才真正可用。