[英]How to implement search on encrypted database fields
Iam Using PHP & MySql for my web application. Iam在我的Web应用程序中使用PHP和MySql。 I have a requirement where I need to encrypt user specific information, say name & email_id. 我有一个需要加密用户特定信息(例如姓名和email_id)的要求。
$name = "Kevin John";
$encryptionMethod = "AES-256-CBC";
$secretHash = "25c6c7ff35b8879b151f2136cd13574";
$enc_name = openssl_encrypt($textToEncrypt, $encryptionMethod, $secretHash);
Iam storing this encrypted name in my database. 我将这个加密的名称存储在我的数据库中。 But the real problem is that I need to search the users based on their name.For example:- 但是真正的问题是我需要根据用户名进行搜索,例如:
$qry = "select * from users where name like %john%";
Any suggestion appreciated 任何建议表示赞赏
It is not suggested to encrypt the data that you want to search on. 建议不要对要搜索的数据进行加密。
or you can fetch all the data, decrypt and search if the row contains what you want on the app layer(I would not suggest this approach). 或者您可以获取所有数据,解密并搜索该行是否包含您想要在应用层上显示的内容(我不建议这种方法)。
// Pseudocode $searchTerm = 'john'; $allNamesQuery = 'select * from users'; $allNamesData = execQuery($allNamesQuery); $suggestions = []; foreach($allNamesData as $row){ $row = decryptNameFromRow($row); if(contains($row['name'], $searchTerm)) array_push($suggestions, $row); } print_r($suggestions);
Please suggest if there are any alternatives. 请提出是否有其他选择。
You may have several options, some easy some not 您可能有几种选择,有些简单,有些没有
Use AES Encryption & Decryption in SQL for implementing search on encrypted DB fields. 在SQL中使用AES加密和解密来实现对加密数据库字段的搜索。 syntax:- 句法:-
AES_ENCRYPT('Text_to_encrypt', 'secret_key') AES_ENCRYPT('Text_to_encrypt','secret_key')
AES_DECRYPT('Text_to_decrypt', 'secret_key') AES_DECRYPT('Text_to_decrypt','secret_key')
First encrypt & store the data in DB using AES Encryption in sql 首先使用sql中的AES加密将数据加密并存储在DB中
INSERT INTO User (fname,email,mobile) VALUES (AES_ENCRYPT('Arun gopan', 'Qwfe345dgfdg'), AES_ENCRYPT('arun123@fa.com', 'Qwfe345dgfdg'),'9658475577');
Now you can query the DB using AES DECRYPT in sql for performing search operations. 现在,您可以使用sql中的AES DECRYPT查询数据库以执行搜索操作。
SELECT AES_DECRYPT(fname,'Qwfe345dgfdg'), AES_DECRYPT(email,'Qwfe345dgfdg') FROM User WHERE AES_DECRYPT(fname,'Qwfe345dgfdg') LIKE '%Arun%';
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.