[英]SQL Server Always Encrypted: Operand type clash: varchar is incompatible with varchar(max)
As we have regulation changes coming in force in the UK soon a database that I am working on that needs to be updated to have any personal identifiable information encrypted. 由于我们很快将在英国实施法规变更,我正在处理的数据库需要更新以加密任何个人身份信息。
A number of my tables have been altered successfully, however on some tables where there are triggers I am getting the following error. 我的一些表已成功更改,但在某些有触发器的表上,我收到以下错误。
Error SQL72014: .Net SqlClient Data Provider: Msg 206, Level 16, State 2, Procedure tr_Employee_Update, Line 27 Operand type clash: varchar is incompatible with varchar(max) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK_Auto1', column_encryption_key_database_name = 'xxxx') collation_name = 'Latin1_General_BIN2'
错误SQL72014:.Net SqlClient数据提供程序:消息206,级别16,状态2,过程tr_Employee_Update,第27行操作数类型冲突:varchar与使用加密的varchar(max)不兼容(encryption_type ='DETERMINISTIC',encryption_algorithm_name ='AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name ='CEK_Auto1',column_encryption_key_database_name ='xxxx')collation_name ='Latin1_General_BIN2'
I have looked at this question here, however this doesnt solve my issue Operand type clash: varchar is incompatible with varchar(50) trying to insert in encrypted database 我在这里看过这个问题,但这并没有解决我的问题操作数类型冲突:varchar与varchar(50)不兼容试图插入加密数据库
Same with this question too where is doesnt address my issue exactly. 同样这个问题也在哪里不能完全解决我的问题。 SQL Server Always Encrypted Operand type clash: varchar is incompatible with varchar(60) when running EXEC sproc .
SQL Server始终加密操作数类型冲突:varchar与运行EXEC sproc时的varchar(60)不兼容 。
I have this issue on a number of tables so would be grateful for any and all help. 我在许多表格上都有这个问题,所以对任何和所有的帮助都会感激不尽。
Please see the SQL Fiddle here 请在这里查看SQL小提琴
http://sqlfiddle.com/#!18/4ac5c/3 http://sqlfiddle.com/#!18/4ac5c/3
I have had to split the table and trigger creation because the SQL length is greater than 8000 characters but this is the fullest example I can give. 我不得不拆分表并触发创建,因为SQL长度大于8000个字符,但这是我能给出的最完整的例子。
I am encrypting the columns using Encryption type: Deterministic and Encryption key name: CEK_Auto1. 我正在使用加密类型加密列:确定性和加密密钥名称:CEK_Auto1。
Not all columns in this table need encrypting and I am altering some of the other fields that have default values too where encryption does need to take place. 并非此表中的所有列都需要加密,而且我正在更改其他一些具有默认值的字段,并且需要进行加密。
Any and all help on the reported issue would be gratefully received. 将非常感激地收到有关所报道问题的任何和所有帮助。
CREATE TABLE [dbo].[Employee] (
[EmployeeID] INT IDENTITY (1, 1) NOT NULL,
[EmployeeTypeID] INT NOT NULL,
[Title] VARCHAR (50) NOT NULL,
[Forename] VARCHAR (30) NOT NULL,
[Surname] VARCHAR (30) NOT NULL,
[AddressLine1] VARCHAR (60) NOT NULL,
[AddressLine2] VARCHAR (60) NOT NULL,
[AddressLine3] VARCHAR (60) NOT NULL,
[AddressLine4] VARCHAR (60) NOT NULL,
[Town] VARCHAR (50) NOT NULL,
[County] VARCHAR (50) NOT NULL,
[PostCode] VARCHAR (20) NOT NULL,
[Phone] VARCHAR (20) CONSTRAINT [DF_Employee_Phone] DEFAULT ('') NOT NULL,
[Mobile] VARCHAR (20) NOT NULL,
[Fax] VARCHAR (20) NOT NULL,
[Email] VARCHAR (50) NOT NULL,
[Extension] VARCHAR (10) CONSTRAINT [DF_Employee_Extension_1] DEFAULT ('') NOT NULL,
[SpeedDial] VARCHAR (10) CONSTRAINT [DF_Employee_SpeedDial_1] DEFAULT ('') NOT NULL,
[Notes] VARCHAR (MAX) NOT NULL,
[EmployeeTeamID] INT NULL,
[Created] DATETIME CONSTRAINT [DF_Employee_Created] DEFAULT (getdate()) NOT NULL,
[OperatorIDCreated] INT NOT NULL,
[Updated] DATETIME CONSTRAINT [DF_Employee_Updated] DEFAULT (getdate()) NOT NULL,
[OperatorIDUpdated] INT NOT NULL,
[Deleted] BIT CONSTRAINT [DF_Employee_Deleted] DEFAULT ((0)) NOT NULL,
[EmployeeIDManager] INT NULL,
[JobTitle] VARCHAR (100) CONSTRAINT [DF_Employee_JobTitle] DEFAULT ('') NOT NULL,
CONSTRAINT [PK_Employee] PRIMARY KEY CLUSTERED ([EmployeeID] ASC),
CONSTRAINT [FK_Employee_Employee] FOREIGN KEY ([EmployeeIDManager]) REFERENCES [dbo].[Employee] ([EmployeeID]),
CONSTRAINT [FK_Employee_EmployeeTeam] FOREIGN KEY ([EmployeeTeamID]) REFERENCES [dbo].[EmployeeTeam] ([EmployeeTeamID]),
CONSTRAINT [FK_Employee_EmployeeType] FOREIGN KEY ([EmployeeTypeID]) REFERENCES [dbo].[EmployeeType] ([EmployeeTypeID])
);
GO
CREATE NONCLUSTERED INDEX [IX_Employee_Surname]
ON [dbo].[Employee]([Surname] ASC);
GO
CREATE TABLE [dbo].[AuditItem](
[AuditItemID] [INT] IDENTITY(1,1) NOT NULL,
[ID] [INT] NOT NULL,
[AuditEntityID] [INT] NOT NULL,
[AuditTypeID] [INT] NOT NULL,
[Note] [VARCHAR](MAX) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = DETERMINISTIC, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
[Created] [DATETIME] NOT NULL,
[OperatorIDCreated] [INT] NOT NULL,
[ProfessionalIDCreated] [INT] NULL,
CONSTRAINT [PK_AuditItem] PRIMARY KEY CLUSTERED
(
[AuditItemID] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
ALTER Trigger [dbo].[tr_Employee_Update] ON [dbo].[Employee]
FOR UPDATE
AS
--Audit Entity ID for Employees
Declare @AuditEntityID int
set @AuditEntityID = 2
Insert AuditItem
(ID,AuditEntityID,AuditTypeID, Note, Created, OperatorIDCreated)
Select
inserted.EmployeeID,
@AuditEntityID,
--Update type
2,
'Name changed from ' + ltrim(rtrim(ltrim(rtrim(Deleted.Title)) + ' ' + ltrim(rtrim(Deleted.Forename)) + ' ' + ltrim(rtrim(Deleted.Surname)))) + ' to ' + + ltrim(rtrim(ltrim(rtrim(Inserted.Title)) + ' ' + ltrim(rtrim(Inserted.Forename)) + ' ' + ltrim(rtrim(Inserted.Surname)))),
GetDate(),
inserted.OperatorIDUpdated
From inserted
Inner Join deleted on inserted.EmployeeID = deleted.EmployeeID
Where deleted.Title <> inserted.Title or deleted.Forename <> inserted.Forename or deleted.Surname <> inserted.Surname
After much research into this today it is unfortunate at the moment that triggers are not supported to update Encrypted Columns regardless of the data type. 在对此进行了大量研究之后,目前很不幸的是,不管数据类型如何,都不支持更新加密列的触发器。 So anyone who stumbled across this question and is having the same issue you will need to complete your updates through stored procedures but they will need to be called via application code.
因此,任何偶然发现这个问题且遇到同样问题的人都需要通过存储过程完成更新,但需要通过应用程序代码调用它们。
Although the two linked questions in my question above do not directly address my question or help me, you may need to follow the answers in the questions to help you should you need to pass parameterised values to a stored procedure and have issues. 虽然上面我的问题中的两个相关问题没有直接解决我的问题或帮助我,但您可能需要按照问题中的答案来帮助您将参数化值传递给存储过程并产生问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.