
I am trying to encrypt the data values when inserting into MySQL using AES_ENCRYPT and CBC encryption mode:

SET @@session.block_encryption_mode = 'aes-256-cbc'; 

If I insert the data directly in SQL, it successfully inserts without any problem.

However, if I insert through PHP using prepared statements (PDO), the data doesn't insert into the database and I receive no error and the lastInsertID returned is 0.

If I remove the AES_ENCRYPT part, it inserts the data successfully.

Complete code:

$sql .= "SET @IV = RANDOM_BYTES(16);";
        $sql .= "INSERT INTO ". TABLE_NAME. " (record_created, name, dob, someinfo, iv) 
            VALUES (
                NOW(), 
                :name,
                AES_ENCRYPT(:dob, :key, @IV), 
                AES_ENCRYPT(:someinfo, :key, @IV),  
                @IV); ";



        try {
            $db = Employee::getConnection();
            $stmt = $db->prepare($sql);  

            $stmt->bindParam(':key', $key);
            $stmt->bindParam(':name', $employee->name);
            $stmt->bindParam(':dob', $employee->dob);
            $stmt->bindParam(':someinfo', $employee->someinfo);

            $stmt->execute();
            $employee->id = $db->lastInsertId();
            $db = null;
            echo json_encode($employee);
        } catch (PDOException $e) {
            // report connection or query errors
            echo $e->getMessage();
        }
  • :name',? is it a typo? Commented Aug 2, 2015 at 17:26
  • @u_mulder, no it isn't. What's wrong with it? Commented Aug 2, 2015 at 17:30
  • Why is there a ' after name? Commented Aug 2, 2015 at 17:31
  • @u_mulder, my bad. I don't know how I missed it. I removed it, yet same problem. lastInsertId() is returning 0 and data is not being inserted. Commented Aug 2, 2015 at 17:39
  • So check errors. AFAIK $stmt->errorInfo Commented Aug 2, 2015 at 17:44

1 Answer


You can't fire multiple queries separated with ";" like in phpMyAdmin. This is a way you may prefer:

<?php
$aeskey = '4ldetn43t4aed0ho10smhd1l';

$sql = "INSERT INTO ". TABLE_NAME. " (record_created, name, dob, someinfo) 
            VALUES (
                NOW(), 
                :name,
                AES_ENCRYPT(:dob, '".$aeskey."'), 
                AES_ENCRYPT(:someinfo, '".$aeskey."'));";

$db = Employee::getConnection();
$stmt = $db->prepare($sql);  
$stmt->bindParam(':name', $employee->name);
$stmt->bindParam(':dob', $employee->dob);
$stmt->bindParam(':someinfo', $employee->someinfo);
$stmt->execute();
$employee->id = $db->lastInsertId();
$db = null;
echo json_encode($employee); 

2 Comments

thanks for your reply. I've tried inserting this way and it works but I want to use CBC encryption mode which requires IV as a parameter. How would I enter that?
I'm doing the same thing, and it's possible that you must create another column in the table for the IV, and then generate a random IV for each item, and store it with the value. I assume this because I have not been able to use @iv with the PHP PDO yet.
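
One way to do the CBC insert the comments above ask about, as an added example that is not part of the original thread: each statement is sent on its own, and the IVs are generated in PHP and bound like any other value. The table name `employee`, the `id`, `dob_iv` and `someinfo_iv` columns and the function names are assumptions; `$key` is assumed to be 32 random bytes loaded from outside the source code.

```php
<?php
// Added example: table `employee`, columns `id`, `dob_iv`, `someinfo_iv`
// and all function names are assumptions, not from the original post.
function prepareConnection(PDO $db): void
{
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);         // bind values server-side
    // The session setting is sent as its own statement, not glued to the INSERT.
    $db->exec("SET @@session.block_encryption_mode = 'aes-256-cbc'");
}

function insertEmployee(PDO $db, string $key, string $name, string $dob, string $someinfo): string
{
    // A fresh random 16-byte IV per encrypted value; the IV is not secret.
    $ivDob  = random_bytes(16);
    $ivInfo = random_bytes(16);
    // With native prepares a named placeholder may appear only once,
    // so the key and each IV are bound under separate names.
    $stmt = $db->prepare(
        "INSERT INTO employee
             (record_created, name, dob, dob_iv, someinfo, someinfo_iv)
         VALUES
             (NOW(), :name,
              AES_ENCRYPT(:dob, :key1, :iv_dob_enc), :iv_dob,
              AES_ENCRYPT(:someinfo, :key2, :iv_info_enc), :iv_info)"
    );
    $stmt->bindValue(':name', $name);
    $stmt->bindValue(':dob', $dob);
    $stmt->bindValue(':someinfo', $someinfo);
    foreach ([':key1' => $key, ':key2' => $key, ':iv_dob_enc' => $ivDob, ':iv_dob' => $ivDob,
              ':iv_info_enc' => $ivInfo, ':iv_info' => $ivInfo] as $param => $bytes) {
        $stmt->bindValue($param, $bytes, PDO::PARAM_LOB); // raw bytes, not text
    }
    $stmt->execute();
    return $db->lastInsertId();
}

function readEmployee(PDO $db, string $key, string $id): array
{
    // The same session mode must be active; each value is decrypted with its own stored IV.
    $stmt = $db->prepare(
        "SELECT name,
                AES_DECRYPT(dob, :key1, dob_iv) AS dob,
                AES_DECRYPT(someinfo, :key2, someinfo_iv) AS someinfo
           FROM employee WHERE id = :id"
    );
    $stmt->execute([':key1' => $key, ':key2' => $key, ':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}
```

The encrypted columns and the IV columns need a binary type (VARBINARY or BLOB) so the bytes are stored unchanged.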
