


How to correctly use AES_ENCRYPT() and AES_DECRYPT() for encryption and decryption in MySQL
This article explains how to correctly encrypt and decrypt values in MySQL with AES_ENCRYPT() and AES_DECRYPT(). AES_ENCRYPT('password', 'key') encrypts a field value, and AES_DECRYPT(column name, 'key') decrypts it. Detailed sample code is included; I hope it helps anyone who needs it.
Preface
I recently ran into a requirement at work: plaintext had to be encrypted with the AES_ENCRYPT() function and stored in MySQL, but some problems came up. The details follow.
It was reported that the encrypted ciphertext came back as NULL after decryption.
I took a look at the table structure she sent:
She had encrypted a string with the AES_ENCRYPT() function and then inserted it. The statement executed successfully, but a warning was displayed:
Query OK, 1 row affected, 1 warning (0.00 sec)
(It was a warning rather than an error, probably because of sql_mode.)
She ignored the warning at this point, and after decrypting with AES_DECRYPT() she found that the plaintext returned was NULL.
Looking back at the table structure, we found that the column type is varchar and the character set is utf8. The warning is as follows:
mysql> show warnings;
+---------+------+------------------------------------------------------------------------+
| Level   | Code | Message                                                                |
+---------+------+------------------------------------------------------------------------+
| Warning | 1366 | Incorrect string value: '\xE3f767\x12...' for column 'passwd' at row 1 |
+---------+------+------------------------------------------------------------------------+
1 row in set (0.00 sec)
I checked the documentation to see how these two functions are used:
-- Encrypt 'hello world' with the key 'key' and store the encrypted string in @pass
mysql> SET @pass=AES_ENCRYPT('hello world', 'key');
Query OK, 0 rows affected (0.00 sec)

-- Check the length of the encrypted string (always an integer power of 2)
mysql> SELECT CHAR_LENGTH(@pass);
+--------------------+
| CHAR_LENGTH(@pass) |
+--------------------+
|                 16 |
+--------------------+
1 row in set (0.00 sec)

-- Decrypt with AES_DECRYPT()
mysql> SELECT AES_DECRYPT(@pass, 'key');
+---------------------------+
| AES_DECRYPT(@pass, 'key') |
+---------------------------+
| hello world               |
+---------------------------+
1 row in set (0.00 sec)
So how should it be stored?
Method ①:
Set the column type to varbinary, binary, or one of the four blob types, i.e. a binary column type.
Create three columns with the types varbinary, binary, and blob.
Encrypt '明文1', 'text2', and '明文_text3' with the key 'key' and store them in the table.
Finally, read them back.
mysql> CREATE TABLE t_passwd (pass1 varbinary(16), pass2 binary(16), pass3 blob);
Query OK, 0 rows affected (0.00 sec)

mysql> INSERT INTO t_passwd VALUES (AES_ENCRYPT('明文1', 'key'), AES_ENCRYPT('text2', 'key'), AES_ENCRYPT('明文_text3', 'key'));
Query OK, 1 row affected (0.01 sec)

mysql> SELECT AES_DECRYPT(pass1, 'key'), AES_DECRYPT(pass2, 'key'), AES_DECRYPT(pass3, 'key') FROM t_passwd;
+---------------------------+---------------------------+---------------------------+
| AES_DECRYPT(pass1, 'key') | AES_DECRYPT(pass2, 'key') | AES_DECRYPT(pass3, 'key') |
+---------------------------+---------------------------+---------------------------+
| 明文1                     | text2                     | 明文_text3                |
+---------------------------+---------------------------+---------------------------+
1 row in set (0.00 sec)
Of course, the length in parentheses depends on the length of the plaintext. The plaintext here is short, so only 16 is given.
Method ②:
Convert the ciphertext to hexadecimal and store it in a varchar/char column.
Use HEX() when storing and UNHEX() when reading back.
Create a column with a string type.
Encrypt 'hello world' with AES using the key 'key2', then hex-encode the encrypted string with the HEX function.
Finally, read the encrypted string back through UNHEX and decrypt it with the AES key 'key2':
mysql> CREATE TABLE t_passwd_2(pass1 char(32));
Query OK, 0 rows affected (0.01 sec)

mysql> INSERT INTO t_passwd_2 VALUES (HEX(AES_ENCRYPT('hello world', 'key2')));
Query OK, 1 row affected (0.00 sec)

mysql> SELECT AES_DECRYPT(UNHEX(pass1), 'key2') FROM t_passwd_2;
+-----------------------------------+
| AES_DECRYPT(UNHEX(pass1), 'key2') |
+-----------------------------------+
| hello world                       |
+-----------------------------------+
1 row in set (0.00 sec)
Similarly, the length of the AES_ENCRYPT output changes with the length of the plaintext, so the length after HEX changes as well.
In actual use, a reasonable value needs to be evaluated based on the business.
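Added example (not from the original article): the query below sizes the columns for methods ① and ② from the plaintext's byte length, using the ciphertext-length formula from the MySQL manual, 16 * (trunc(string_length / 16) + 1). It assumes the default block_encryption_mode (aes-128-ecb) and a utf8 or utf8mb4 connection; the sample plaintexts are constructed.

```sql
-- Added example. Assumes the default block_encryption_mode (aes-128-ecb)
-- and a utf8/utf8mb4 connection. Sample plaintexts are constructed;
-- 'key' is the demo key used in the article.
SELECT plain,
       CHAR_LENGTH(plain)                      AS plain_chars,
       LENGTH(plain)                           AS plain_bytes,
       -- Padding always adds 1 to 16 bytes, so the ciphertext length is the
       -- next multiple of 16 strictly greater than the plaintext byte length.
       16 * (LENGTH(plain) DIV 16 + 1)         AS predicted_cipher_bytes,
       -- Size for VARBINARY(n) / BINARY(n) in method 1.
       LENGTH(AES_ENCRYPT(plain, 'key'))       AS actual_cipher_bytes,
       -- Size for CHAR(n) / VARCHAR(n) in method 2 (two hex digits per byte).
       LENGTH(HEX(AES_ENCRYPT(plain, 'key')))  AS hex_chars
FROM (
    SELECT 'hello world' AS plain        -- fits in one block
    UNION ALL SELECT REPEAT('a', 15)     -- one byte short of a full block
    UNION ALL SELECT REPEAT('a', 16)     -- exactly one block: gains a whole padding block
    UNION ALL SELECT '明文_text3'        -- multibyte: bytes, not characters, decide the size
) AS samples;
```

Size the column from the largest plaintext in bytes, not characters: a 16-byte plaintext already needs 32 bytes of VARBINARY or 64 hex characters.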
Method ③:
Store it directly in varchar, without hexadecimal conversion.
Going back to the original problem: the encrypted string cannot be stored in a varchar column whose character set is utf8.
In fact, it is enough to change the character set to latin1:
No warning is reported on insert.
mysql> CREATE TABLE t_passwd_3(pass varchar(32)) CHARSET latin1;
Query OK, 0 rows affected (0.00 sec)

mysql> INSERT INTO t_passwd_3 SELECT AES_ENCRYPT('text', 'key3');
Query OK, 1 row affected (0.00 sec)
Records: 1 Duplicates: 0 Warnings: 0

mysql> SELECT AES_DECRYPT(pass, 'key3') FROM t_passwd_3;
+---------------------------+
| AES_DECRYPT(pass, 'key3') |
+---------------------------+
| text                      |
+---------------------------+
1 row in set (0.00 sec)
Although this method looks neat, since it only requires setting the column's character set to latin1, it may introduce hidden risks.
The documentation says:
Many encryption and compression functions return strings for which the result might contain arbitrary byte values. If you want to store these results, use a column with a VARBINARY or BLOB binary string data type. This will avoid potential problems with trailing space removal or character set conversion that would change data values, such as may occur if you use a nonbinary string data type (CHAR, VARCHAR, TEXT).
The gist is that with method ③, storing the encrypted string directly in a char/varchar/text column can change the data when the character set is converted or when trailing spaces are removed.
So if it must be stored in char/varchar/text, follow method ② and hex-encode it.
Or, as in method ①, store it directly in a binary column.
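Added example (not from the original article) of the two hazards the manual's note describes for method ③. The table t_store_check and its columns are hypothetical, and @ct is a constructed 16-byte value ending in 0x20 that stands in for a ciphertext, not real AES_ENCRYPT() output; PAD_CHAR_TO_FULL_LENGTH is assumed to be off (the default).

```sql
-- Added example; names are hypothetical, @ct is constructed sample data.
CREATE TABLE t_store_check (
    as_char    CHAR(16)    CHARACTER SET latin1,  -- method 3 with CHAR
    as_varchar VARCHAR(16) CHARACTER SET latin1,  -- method 3 as in the article
    as_bin     VARBINARY(16),                     -- method 1
    as_hex     CHAR(32)    CHARACTER SET latin1   -- method 2
);

-- 16 arbitrary bytes whose last byte happens to be 0x20 (a space).
SET @ct = UNHEX('E3A17F0B5C9D42F88E1036C7D4AB9120');

INSERT INTO t_store_check VALUES (@ct, @ct, @ct, HEX(@ct));

-- Hazard 1, trailing-space removal: CHAR strips trailing spaces on
-- retrieval. A real ciphertext cut this way is no longer a whole number
-- of 16-byte blocks, so AES_DECRYPT() returns NULL for it.
SELECT LENGTH(as_char)          AS char_bytes,
       LENGTH(as_varchar)       AS varchar_bytes,
       LENGTH(as_bin)           AS varbinary_bytes,
       LENGTH(UNHEX(as_hex))    AS unhex_bytes,
       HEX(as_char) = HEX(@ct)  AS char_intact,
       HEX(as_bin)  = HEX(@ct)  AS varbinary_intact,
       UNHEX(as_hex) = @ct      AS hex_intact
FROM t_store_check;

-- Hazard 2, character set conversion: once the latin1 value is converted
-- (for example by a utf8mb4 connection or a dump and reload), every byte
-- >= 0x80 becomes a multi-byte sequence. Hex text is pure ASCII and
-- passes through any conversion unchanged.
SELECT LENGTH(as_varchar)                         AS stored_bytes,
       LENGTH(CONVERT(as_varchar USING utf8mb4))  AS bytes_after_conversion,
       LENGTH(as_hex)                             AS hex_chars,
       LENGTH(CONVERT(as_hex USING utf8mb4))      AS hex_chars_after_conversion
FROM t_store_check;

DROP TABLE t_store_check;
```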