So I have been browsing the internet, and came across the MySQL built-in function AES_ENCRYPT. It doesn't seem too hard to use, but some sources tell me to store the encrypted data as a VARCHAR, and some say to store it as a BLOB. What should I store the encrypted data as?
Many encryption and compression functions return strings for which the result might contain arbitrary byte values. If you want to store these results, use a column with a VARBINARY or BLOB binary string data type. This will avoid potential problems with trailing space removal or character set conversion that would change data values, such as may occur if you use a nonbinary string data type (CHAR, VARCHAR, TEXT).
Source: http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html
If you need to use VARCHAR, rather than BLOB, then convert the encrypted binary to Base64 which only uses printable characters and can be safely stored as VARCHAR. Of course you will need to convert it back from Base64 to binary before decrypting.
I have always used blobs to stored encrypted data in MySQL.
You can use Binary. BINARY in STRING. It have to work. I am using it. Write me answer if it doesn't working.
Related
I'm using phpseclib for encrypting data, My MySQL database's encoding is utf8-general-ci.
when I encrypt an string and save it to the table some of characters appears in '?' charachter. This make mistake when I want to decrypt it.
What encoding should I use to have all of the characters?
please help.
If you encrypt your data to a binary string, it can no longer be stored in an UTF8 encoded string, since some binary values/sequences are just not valid UTF8.
Just base64 encode your string (or change the column type to a binary type) before storing it and things should work better.
Seemingly simple question, corresponds to another question that was asked with regards to MySQL: How does one store the hex value that results from a SHA1 hash in a PostgreSQL database?
Note: I realize I could use a VARCHAR(40) field, but this isn't efficient, as the data is in hex. Also, I am using PHP to interact with the database, so I can use PHP functions if necessary, but if this is the case, what do I store the result as in the database?
I would store as bytea, hex encoded. Converting the human-readable hex data to bytea is simply a matter of:
('\x' || sha1_hex_value)::bytea
The only real disadvantage here is that depending on your app framework you may get a binary representation out. If not you will get an escaped version and depending on the escape settings, may want to convert to binary yourself (if it is hex though you can just strip off the \x at the front of the value and use as hex).
I am storing serialized data in a mysql and am unsure which field type to choose?
One example of the serialized data output is below,
string(393) "a:3:{s:4:"name";s:22:"PACMAN-Appstap.net.rar";s:8:"trackers";a:6:{i:0;s:30:"http://tracker.ccc.de/announce";i:1;s:42:"http://tracker.openbittorrent.com/announce";i:2;s:36:"http://tracker.publicbt.com/announce";i:3;s:23:"udp://tracker.ccc.se:80";i:4;s:35:"udp://tracker.openbittorrent.com:80";i:5;s:29:"udp://tracker.publicbt.com:80";}s:5:"files";a:1:{s:22:"PACMAN-Appstap.net.rar";i:4147632;}}"
The string lengths of the data can vary greatly upto around 20,000 characters.
I understand that I do not want to use TEXT data type as this could corrupt data because of character sets that it would have to use.
I am stuck as when it comes to use either VARBINARY, BLOB, MEDIUMBLOB etc.
Let us say if I use VARBINARY(20000) does this mean that I can insert a string of 20000 in length safely and if it is over then discard the insert?
I agree with PLB in that you should use BLOB. The length attribute specifies how many bytes can be saved in this column. The main difference between BLOB and VARBINARY is that VARBINARY fills up unused space with padding, wheras with BLOB only the actual length of the data is reserved for one field.
But as PLB said, only use this if you absolutely must, because it slows down the whole DB in most cases. A better solution would be to store the files in your server's filesystem and save the file's path in the DB.
I am serializing alot of arrays in php that are to be stored in a database using mysql.
The length of the final string can vary greatly from anything inbetween 2000 to 100,000+, I was wondering what would the best column type for this to be?
I currently have it set as LONGTEXT but I feel this is overkill! The database is already active and has around 3million rows this is a new column which will added soon.
Thanks
Always use any BLOB data-type for serializing data so that it does not get cut off and break the serialization in a binary safe manner. If there is not a maximum to the length of the final string then you will need LONGBLOB. If you know that the data won't fill 2^24 characters you could use a MEDIUMBLOB. MEDIUMBLOB is about 16MB while LONGBLOB is about 4GB so I would say you're pretty safe with MEDIUMBLOB.
Why a binary data type? Text data types in MySQL have an encoding. Character encoding will have an effect on how the serialized data is transposed between the different encodings. E.g. when stored as Latin-1 but then read out as UTF-8 (for example because of the database driver connection encoding setting), the serialized data can be broken because binary offsets did shift however the serialized data was not encoded for such shifts. PHP's serialized strings are binary data, not with any specific encoding.
You should choose BLOB (as Marc B noted) per the PHP manual for serialize():
"Note that this [outputs] a binary string which may include null bytes, and needs to be stored and handled as such. For example, serialize() output should generally be stored in a BLOB field in a database, rather than a CHAR or TEXT field."
Source: http://php.net/serialize
Of course J.Money's input regarding sizes must be borne in mind as well - even BLOB has its limits, and if you are going to exceed them then you would need MEDIUMBLOB or LONGBLOB.
The whole point of designating data as binary is to simply treat the binary sequence as a raw, untouched sequence of bytes.
=> Given that MySQL has BLOB, BINARY and VARBINARY data types, why isn't it possible to store and retrieve any arbitrary binary stream of data from a php script without having the need to escape the sequence with mysql_real_escape_string or addslashes?
Because binary data are still serialized to a string… So, for example, imagine your $binary_data had the value a 'b" c. Then the query INSERT INTO foo VALUES $binary_data would fail.
The whole point of designating data as binary is to simply treat the binary sequence as a raw, untouched sequence of bytes.
you are wrong.
the only point of designating data as binary is just to mark it to be not a subject of character set recoding. that's all.
why isn't it possible to store and retrieve any arbitrary binary stream of data from a php script without having the need to escape the sequence with mysql_real_escape_string or addslashes?
who said it's impossible?
it's quite possible, both to store and retrieve.
The whole point of prepared statements is to send an arbitrary binary stream directly to mysql.
Why is it necessary to add escape sequences to a binary string when storing to a MySQL Database?
If you are talking of SQL, you have to understand what it is first.
SQL is a programming language.
And as any language has it's own syntax to follow.
And if you're going to add your raw binary data to this program, you have to make this data satisfy these rules. That's what escaping for.