DDC-1144: How insert a AES_ENCRYPT value in a table field #1439

Closed
opened 2026-01-22 13:14:25 +01:00 by admin · 2 comments
Owner

Originally created by @doctrinebot on GitHub (May 10, 2011).

Originally assigned to: @Ocramius on GitHub.

Jira issue originally created by user dquintard:

Hi there,
I'm trying to insert encrypted data.

Because "INSERT statements are not allowed in DQL, ...." I proceeded like this:

```php
...
// controller
$membre = new \Entity\TMembre();
$membre->setPassword($password);
$em->persist($membre);
$em->flush();
...
?>
```

```php
namespace Entity;

/**
 * TMembre
 *
 * @Table(name="t_membre")
 * @Entity(repositoryClass="Repository\TMembreRepository")
 */
class TMembre
{
    /**
     * Set password
     *
     * @param string $password
     */
    public function setPassword($password)
    {
        // inserts this entire string without executing the encryption
        $this->email = "AES_ENCRYPT('".$email."','"._MYSQL_CRYPT."')";
        // does not work
        $this->email = new \Doctrine\ORM\Query\Expr\Func("AES_ENCRYPT", array("'".$email."'", "'"._MYSQL_CRYPT."'"));
    }
}
```

How can I do this?
Add this method to the Doctrine\ORM\Query\Expr class?

```php
    /** */
    public function aesEncrypt($value)
    {
        return "AES_ENCRYPT('".$value."','"._MYSQL_CRYPT."')";
    }
```
admin added the New Feature label 2026-01-22 13:14:25 +01:00
admin closed this issue 2026-01-22 13:14:26 +01:00
Author
Owner

@doctrinebot commented on GitHub (Mar 19, 2014):

Comment created by @ocramius:

This approach is flawed from a security perspective, since your data AND the encryption key are likely flowing through either a socket to the DB server.

This also allows people to just log the queries and catch any calls to `AES_*` functions.

Once the attacker got in, he can simply copy all the data and decrypt it on his own machine from an SQL dump.

I would suggest to NOT encrypt in custom DBAL types nor through SQL queries: do it in your service layer with proper encryption built into PHP.

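What "do it in your service layer with proper encryption built into PHP" looks like in practice, as an added example that is not code from the issue or from Doctrine. It assumes PHP 7.4+ with ext-sodium, a hypothetical `\Entity\TMembre` entity whose `setEmail()` maps to a plain BLOB column, a hypothetical `FIELD_ENCRYPTION_KEY` environment variable, and `$em` / `$email` from the calling code.

```php
<?php
// Added example, not code from the issue or from Doctrine: encrypt a field in
// the service layer with libsodium so only ciphertext reaches the database.
// Assumes PHP >= 7.4 with ext-sodium, a hypothetical entity \Entity\TMembre
// with a plain setEmail(), and $em / $email supplied by the calling code.
final class FieldEncryptor
{
    private string $key; // 32-byte secret held in the app, never sent to MySQL

    public function __construct(string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new \InvalidArgumentException('Key must be exactly 32 bytes');
        }
        $this->key = $key;
    }

    // Authenticated encryption (XSalsa20-Poly1305). A fresh random nonce is
    // prepended so equal plaintexts never produce equal ciphertexts.
    public function encrypt(string $plaintext): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $this->key);
    }

    // Fails closed: a wrong key or a modified blob raises, never returns garbage.
    public function decrypt(string $blob): string
    {
        $nonce  = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $cipher = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $this->key);
        if ($plain === false) {
            throw new \RuntimeException('Ciphertext rejected: tampered or wrong key');
        }
        return $plain;
    }
}

// Key loaded from the environment (hypothetical variable name), generated once
// with: php -r 'echo sodium_bin2hex(sodium_crypto_secretbox_keygen());'
$hex = getenv('FIELD_ENCRYPTION_KEY');
if ($hex === false) {
    throw new \RuntimeException('FIELD_ENCRYPTION_KEY is not set');
}
$encryptor = new FieldEncryptor(sodium_hex2bin($hex));

// Service layer: the entity only holds ciphertext, so neither the query log
// nor an SQL dump exposes the key or the plaintext.
$membre = new \Entity\TMembre();
$membre->setEmail($encryptor->encrypt($email));
$em->persist($membre);
$em->flush();
```

If the field is a login password rather than data that must be read back, store a `password_hash()` digest instead; encryption is only for values the application needs to decrypt later.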
Author
Owner

@doctrinebot commented on GitHub (Mar 19, 2014):

Issue was closed with resolution "Won't Fix"

Reference: doctrine/archived-orm#1439