0

First of all hello, I am trying to access data from a database that using always encrypted, I will explain step by step what I did, step one: I open the SQL server and Enable column encryption for the table I want. step two: I tried if it is work fine in DB or not and the result it works fine if I enable the always encryption option it will return decrypted data. step three: write my code and this is my code


<?php
$hostname_DB= "localhost"; 
$database_DB= "test";
$username_DB= "***";                                        
$password_DB= "***";    
    
try {
    $connection = new PDO("sqlsrv:Server=$hostname_DB;Database=$database_DB;ColumnEncryption = Enabled;LoginTimeout=100000", $username_DB, $password_DB);
        $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $connection->setAttribute(PDO::SQLSRV_ATTR_QUERY_TIMEOUT, 1000000);

    $query="select TOP (10) second_name_a FROM employees";
    $stmt = $connection->query($query);

    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        print_r($row);echo'<br>';

    }
} catch (PDOException $e) {
    die("Connection failed: " . $e->getMessage());
}

?>

step four: I reserve this error (Connection failed: SQLSTATE[CE100]: [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]The system cannot find the file specified.) but when I run the same code in CMD it works fine, in the two images the first one is without the ColumnEncryption option, and the second one is with the ColumnEncryption option

first image:

enter image description here

second image:

enter image description here

note: (I use IIS (Internet Information Services) with PHP 8.0.6 and I installed Microsoft Drivers for PHP for SQL Server(php_pdo_sqlsrv_80_ts_x64.dll/php_sqlsrv_80_ts.dll) and enable the extension from php.ini);

I try to refresh SQL(MSSQlSERVER), Enable Named Pipes, and check the user Status Setting (Permission to connect to database engine) it is Grant, and Login in to Enabled

In the end, expecting decrypted data and thank you for helping

Update (5/15/2023): I have tried in another DB and it's working fine, I think the problem is a collate because the first one (that I have the problem with) has to collate Arabic_CI_AS, and the second one (works fine) has to collate SQL_Latin1_General_CP1_CI_AS. but I can't convert the collate for the first one. what should I do to make always encryption work with collate Arabic_CI_AS? note: when using always encryption it will change the collate for the column from Arabic_CI_AS to Arabic_BIN2

Update (5/17/2023): The error has changed to the keyset connot find

Hesham Mahmoud
  • 1
  • 2
  • Do you have this driver installed? **ODBC 17 Driver for SQL Serve** . If not, download and install it [downlowad](https://learn.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16) – Julian Fagadau May 14 '23 at 21:49
  • Are you using exactly the same credentials (username and password) in the IIS version of the code as you are when it succeeds on the CLI? The logged in account needs to have `VIEW ANY COLUMN MASTER KEY DEFINITION` and `VIEW ANY COLUMN ENCRYPTION KEY DEFINITION` database permissions as well as access to the CMK and CEKs that protect the encrypted columns. Ref: [Using Always Encrypted with the PHP Drivers for SQL Server](https://learn.microsoft.com/en-us/sql/connect/php/using-always-encrypted-php-drivers) – AlwaysLearning May 15 '23 at 01:19
  • yes I have ODBC 17 Driver for SQL Server on my device, I tried in another DB and it works fine, also I give everyone permission to access a certificate – Hesham Mahmoud May 15 '23 at 05:22
  • You could try using the SQLSRV extension instead of PDO. SQLSRV is a PHP extension that provides drivers for connecting to Microsoft SQL Server databases. The SQLSRV extension is designed specifically for Microsoft SQL Server and provides better compatibility than the generic PDO extension. – YurongDai May 15 '23 at 09:25
  • it's the same problem it didn't return data (second_name_a) – Hesham Mahmoud May 15 '23 at 10:49
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community May 15 '23 at 11:22
  • I want to use always encrypted on my website when I enabled it, in the ssms there is no problem, the data will return decrypted, but when I do the same query in PHP I have that error (Connection failed: SQLSTATE[CE100]: [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]The system cannot find the file specified.). I try every solution on the Internet but it didn't work I want to get the data decrypted that comes from DB using always encryption fetcher – Hesham Mahmoud May 15 '23 at 11:40

1 Answers1

0

You must change Anonymous Authentication in IIS from IUSR to your user account, you can Know your account by opening CMD, and put this command (whoiam). enter image description here

Wongjn
  • 8,544
  • 2
  • 8
  • 24
Hesham Mahmoud
  • 1
  • 2