Insert into table via stored procedure from client

2019-08-20 04:42发布

问题:

I'm created a client application that do all the encrypt and decrypt values using Always Encryption.

I've used Azure Key vault to store my Keys. I've followed this. It worked for me fine with the hardcoded query (INSERT INTO ....)

But when I tried with a stored procedure, it didn't work. I've already referred to this Stack Post. But the solutions/answer didn't solve my problems unfortunately. So I've decided to open a new question.

This is my C# code

SqlCommand cmd = _sqlconn.CreateCommand();

// Use parameterized SQL to insert the data
cmd.CommandText = @"INSERT INTO [dbo].[Patients] ([SSN], [FirstName], [LastName], [BirthDate]) VALUES (@SSN, @FirstName, @LastName, @BirthDate);";

SqlParameter paramSSN = cmd.CreateParameter();
paramSSN.ParameterName = @"@SSN";
paramSSN.SqlDbType = SqlDbType.Char;
paramSSN.DbType = DbType.AnsiStringFixedLength;
paramSSN.Direction = ParameterDirection.Input;
paramSSN.Value = ssn;
paramSSN.Size = 11;
cmd.Parameters.Add(paramSSN);

SqlParameter paramFirstName = cmd.CreateParameter();
paramFirstName.ParameterName = @"@FirstName";
paramFirstName.DbType = DbType.String;
paramFirstName.Direction = ParameterDirection.Input;
paramFirstName.Value = firstName;
paramFirstName.Size = 50;
cmd.Parameters.Add(paramFirstName);

SqlParameter paramLastName = cmd.CreateParameter();
paramLastName.ParameterName = @"@LastName";
paramLastName.DbType = DbType.String;
paramLastName.Direction = ParameterDirection.Input;
paramLastName.Value = lastName;
paramLastName.Size = 50;
cmd.Parameters.Add(paramLastName);

SqlParameter paramBirthdate = cmd.CreateParameter();
paramBirthdate.ParameterName = @"@BirthDate";
paramBirthdate.SqlDbType = SqlDbType.Date;
paramBirthdate.Direction = ParameterDirection.Input;
paramBirthdate.Value = birthdate;
cmd.Parameters.Add(paramBirthdate);

cmd.ExecuteNonQuery();

When I changed a little bit for using the stored procedure. It throws error like

Additional information: Operand type clash: char is incompatible with varchar(20) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK_Auto1', column_encryption_key_database_name = 'TestDB') collation_name = 'SQL_Latin1_General_CP1_CI_AS'

string execute = @"[dbo].[insertsp]";

SqlCommand cmd = new SqlCommand(execute, _sqlconn);
cmd.CommandType = CommandType.StoredProcedure;

    SqlParameter paramSSN = cmd.CreateParameter();
    paramSSN.ParameterName = @"@SSN";
    paramSSN.SqlDbType = SqlDbType.Char;
    paramSSN.DbType = DbType.AnsiStringFixedLength;
    paramSSN.Direction = ParameterDirection.Input;
    paramSSN.Value = ssn;
    paramSSN.Size = 11;
    cmd.Parameters.Add(paramSSN);

    SqlParameter paramFirstName = cmd.CreateParameter();
    paramFirstName.ParameterName = @"@FirstName";
    paramFirstName.DbType = DbType.String;
    paramFirstName.Direction = ParameterDirection.Input;
    paramFirstName.Value = firstName;
    paramFirstName.Size = 50;
    cmd.Parameters.Add(paramFirstName);

    SqlParameter paramLastName = cmd.CreateParameter();
    paramLastName.ParameterName = @"@LastName";
    paramLastName.DbType = DbType.String;
    paramLastName.Direction = ParameterDirection.Input;
    paramLastName.Value = lastName;
    paramLastName.Size = 50;
    cmd.Parameters.Add(paramLastName);

    SqlParameter paramBirthdate = cmd.CreateParameter();
    paramBirthdate.ParameterName = @"@BirthDate";
    paramBirthdate.SqlDbType = SqlDbType.Date;
    paramBirthdate.Direction = ParameterDirection.Input;
    paramBirthdate.Value = birthdate;
    cmd.Parameters.Add(paramBirthdate);

    cmd.ExecuteNonQuery();

This is my schema after the Encryption enabled

CREATE TABLE [dbo].[patients]
(
    [ssn] [varchar](20) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Deterministic, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
    [FirstName] [varchar](50) NULL,
    [LastName] [varchar](50) NULL,
    [BirthDate] [datetime] NULL
)

(PS: I've already enabled the Column Encryption Setting=enabled in my connection string. Also tried with EXEC sys.sp_refresh_parameter_encryption @name = '[dbo].[sp]' - neither works for me)

回答1:

Just a Case Sensitive Issue (@ssn and @SSN).

Please not to forget that

SQL is not caSe SenSitIve

C# is CASE SENSITIVE