I need to store very important information, and for greater security, I decided to use the built-in MySQL function "AES_ENCRYPT", but while saving data in the table, I get the following error:
mysql.connector.errors.DataError: 1366 (22007):
Incorrect string value: 'xFExC5x0AxA3}xCE...' for column `database`.`table`.`token` at row 7
my code:
key = hashlib.sha256(str(guild.owner_id).encode('utf-8')).hexdigest()
update = f'''UPDATE `table` SET token = AES_ENCRYPT('{token}', '{key}'), WHERE id = {guild.id}'''
# guild.id and guild.owner_id there are int values
cursor.execute(update)
connection.commit()
How to fix it?
2
Answers
From the MySQL Reference Manual 5.7:
If you use column types
VARCHAR
orTEXT
, this may occur. So you should change column token fromVARCHAR
toVARBINARY
or useHEX(AES_ENCRYPT(token, key))
to store as stringUsing prepared statements separates the data from the (sql) code and as such, the data no longer requires to conform the the connection character set. This also makes it immune from SQL injection:
%s
refers to an arbitrary marker and its not quoted. The prepared statement markers need to be data and cannot be part of the SQL syntax (like table identifiers).Could also let the database perform the key generation:
Also keys are normally secret values. I’m not sure the
guild.id
quantifies as secret enough to provide any value around the encrypted value.