Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/310.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# 是否可以使用sql参数化查询插入对称加密的加密列_C#_Sql_Sql Server - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# 是否可以使用sql参数化查询插入对称加密的加密列

C# 是否可以使用sql参数化查询插入对称加密的加密列

c# sql sql-server

C# 是否可以使用sql参数化查询插入对称加密的加密列,c#,sql,sql-server,C#,Sql,Sql Server,我正在研究数据库加密,即SQL server 2008 Express中基于单元格的对称加密。 但问题是用于插入的参数化查询不起作用。请帮帮我 编辑: 我使用以下查询作为示例: foreach (var list in from DataRow row in dataTable.Rows select new ArrayList { String.Format("@var1,

我正在研究数据库加密,即SQL server 2008 Express中基于单元格的对称加密。 但问题是用于插入的参数化查询不起作用。请帮帮我

编辑:

我使用以下查询作为示例:

foreach (var list in from DataRow row in dataTable.Rows select new ArrayList
                           {
                                 String.Format("@var1, {0}", row["Column1"]), 
                                 String.Format("@var2, {0}", row["Column2"]),
                                 String.Format("@var3, {0}", row["Column3"])
                           })
    {
         var query = String.Format(@"OPEN SYMMETRIC KEY {0} DECRYPTION BY CERTIFICATE {1} 
                     INSERT INTO TableA (Column1, Column2, Column3) VALUES (@ENCRYPTBYKEY(KEY_GUID('symKey'), '{2}'), ENCRYPTBYKEY(KEY_GUID('symKey'), '{3}'), ENCRYPTBYKEY(KEY_GUID('symKey'), '{4}'))", symKey, symCer, "@var1", "@var2", "@var3");
         con.Execute.ExecuteParameterizedQuery(query, list);
    }

public string ExecuteParameterizedQuery(string query, ArrayList parametersList)
{
      errorFlag = Connect(un, pasw, 3);
      if ((String.CompareOrdinal(errorFlag, "Open") == 0))
      {
          var myTran = myConnection.BeginTransaction();
          cmd = new SqlCommand(query, myConnection) { Transaction = myTran };
          for (var i = 0; i < parametersList.Count; i++)
          {
              var split = parametersList[i].ToString().Split(',');
              cmd.Parameters.AddWithValue(split[0], split[1]);
          }
          try
          {
              cmd.CommandText = query;
              cmd.ExecuteNonQuery();
              myTran.Commit();
              errorFlag = string.Empty;
          }
          catch (Exception e)
          {
              errorFlag = e.Message;
          }
          finally
          {
              myConnection.Close();
              myConnection.Dispose();
          }
          return errorFlag;
      }
      myConnection.Close();
      myConnection.Dispose();
      return errorFlag;
  }
这里我的建议是

  • 使用创建一个过程

    INSERT INTO TableA (Column1, Column2, Column3) VALUES(@val1,@val2,@val3)
  • 现在在C#中创建一个
    encryptThestring(string val)
    函数,它将返回给定正常输入值的加密值

  • 最后在C#中调用该过程,并将参数作为

    encryptThestring(string val1)
encryptThestring(string val2)
encryptThestring(string val3)
    • 这是C#.net函数

    public string EncryptString(string val)
            {
                SqlConnection sqlconn = new SqlConnection("conn_string");
                sqlconn.Open();
                SqlCommand cmd = new SqlCommand();
                cmd.Connection = sqlconn;

                cmd.CommandText = "ng_encryptString"; // This is the sproc which will encrypt the string
                cmd.CommandType = CommandType.StoredProcedure;

                SqlParameter param1 = cmd.Parameters.Add("inpuStr", SqlDbType.VarChar, 500);
                param1.Direction = ParameterDirection.Input;

                SqlParameter param3 = cmd.Parameters.Add("@encryptedStr", SqlDbType.VarChar, 2000);
                param3.Direction = ParameterDirection.Output;

                param1.Value = val;

                cmd.ExecuteNonQuery();
                sqlconn.Close();
                return (string)param3.Value;

            }
    存储过程ng_加密字符串

    CREATE Procedure [dbo].[ng_encryptString]  
@string varchar(255),  
@encryptedStr varbinary(2000)  OUTPUT  

As  
Begin  


Declare @res varbinary(2000)  

IF NOT EXISTS(select * from sys.symmetric_keys where name='##MS_DatabaseMasterKey##')  
CREATE MASTER KEY ENCRYPTION  
BY PASSWORD = 'yourpassword'  


IF NOT EXISTS(select * from sys.certificates where name='EncryptTestCert')  
CREATE CERTIFICATE EncryptTestCert  
WITH SUBJECT = 'yoursubject'  

IF NOT EXISTS(select * from sys.symmetric_keys where name='TestTableKey')   
CREATE SYMMETRIC KEY TestTableKey  
WITH ALGORITHM = TRIPLE_DES ENCRYPTION  
BY CERTIFICATE EncryptTestCert  

OPEN SYMMETRIC KEY TestTableKey DECRYPTION  
BY CERTIFICATE EncryptTestCert  


SELECT @encryptedStr=ENCRYPTBYKEY(KEY_GUID('TestTableKey'),@string)  

end
    你能举一个例子来解释吗?我不想用C#加密任何字符串。不,你不必用C#加密,只需调用该函数中的sql语句并返回所需的加密字符串。在上面的EncryptString方法中,找不到存储过程“ng_encryptString”,您必须根据加密密钥编写该过程。。!!我已经创建了一个过程,但给出了一个错误,你能帮我吗? 
    CREATE Procedure [dbo].[ng_encryptString]  
@string varchar(255),  
@encryptedStr varbinary(2000)  OUTPUT  

As  
Begin  


Declare @res varbinary(2000)  

IF NOT EXISTS(select * from sys.symmetric_keys where name='##MS_DatabaseMasterKey##')  
CREATE MASTER KEY ENCRYPTION  
BY PASSWORD = 'yourpassword'  


IF NOT EXISTS(select * from sys.certificates where name='EncryptTestCert')  
CREATE CERTIFICATE EncryptTestCert  
WITH SUBJECT = 'yoursubject'  

IF NOT EXISTS(select * from sys.symmetric_keys where name='TestTableKey')   
CREATE SYMMETRIC KEY TestTableKey  
WITH ALGORITHM = TRIPLE_DES ENCRYPTION  
BY CERTIFICATE EncryptTestCert  

OPEN SYMMETRIC KEY TestTableKey DECRYPTION  
BY CERTIFICATE EncryptTestCert  


SELECT @encryptedStr=ENCRYPTBYKEY(KEY_GUID('TestTableKey'),@string)  

end