Add encryption handling to updateRowById method
Extended the updateRowById method across mysql, pdo, and IDb to support encrypted fields. Updated the PDO update logic to conditionally encrypt data using DES_ENCRYPT when specified. This ensures sensitive data is managed securely during updates.
This commit is contained in:
Stephan Kasdorf
@@ -75,11 +75,12 @@ abstract class Db implements IDb
|
||||
* @desc will update the a row with the $rowset parameter by the given id
|
||||
* @param array $rowData
|
||||
* @param int $id
|
||||
* @param string $encrypted
|
||||
* @return bool
|
||||
*/
|
||||
public function updateRowById(array $rowData, int $id): bool
|
||||
public function updateRowById(array $rowData, int $id, string $encrypted = ""): bool
|
||||
{
|
||||
return Pdo::updateRowById( self::getTable()['table'], self::getTable()['fields'], $rowData, $id );
|
||||
return Pdo::updateRowById( self::getTable()['table'], self::getTable()['fields'], $rowData, $id, $encrypted );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -187,17 +187,19 @@ final class pdo extends Mysql implements IPdo
|
||||
* @param string $tableName The name of the table to update.
|
||||
* @param array $data An associative array where keys are column names and values are the new values for those columns.
|
||||
* @param int $id The value of the primary key for the row to update.
|
||||
* @param string $encrypted The field that has encrypted data for handling correct field encryption
|
||||
*
|
||||
* @return bool Returns true on success or false on failure.
|
||||
*/
|
||||
public static function updateRowById(string $tableName, array $columnNames, array $data, int $id): bool
|
||||
public static function updateRowById(string $tableName, array $columnNames, array $data, int $id, string $encrypted = IMysql::PLACE_DES_ENCRYPT): bool
|
||||
{
|
||||
try {
|
||||
// Inside a method of the mysql.db.php class or its subclass
|
||||
$validTables = self::loadTableNames();
|
||||
|
||||
// Validate the table name
|
||||
if (!in_array($tableName, $validTables, true)) {
|
||||
if (!in_array($tableName, $validTables, true))
|
||||
{
|
||||
throw new \InvalidArgumentException("FATAL ERROR in main CORE updateRowById: Invalid table name: {$tableName}");
|
||||
}
|
||||
|
||||
@@ -229,7 +231,13 @@ final class pdo extends Mysql implements IPdo
|
||||
$query = "UPDATE " . $tableName . " SET ";
|
||||
$updateParts = [];
|
||||
foreach ($data as $column => $value) {
|
||||
$updateParts[] = $column . " = :" . $column;
|
||||
if ($column === $encrypted)
|
||||
{
|
||||
// Encrypt the value using DES_ENCRYPT function
|
||||
$updateParts[] = "$column = DES_ENCRYPT(:$column, :key)";
|
||||
} else {
|
||||
$updateParts[] = "$column = :$column";
|
||||
}
|
||||
}
|
||||
$query .= implode(', ', $updateParts);
|
||||
$query .= " WHERE " . $primaryKeyField . " = :primaryKeyValue";
|
||||
@@ -237,6 +245,11 @@ final class pdo extends Mysql implements IPdo
|
||||
foreach ($data as $column => $value) {
|
||||
$stmt->bindValue(':' . $column, $value);
|
||||
}
|
||||
if ($encrypted != "")
|
||||
{
|
||||
$key = Config::getInstance()->getConfig()[View::NIBIRU_SECURITY]["password_hash"];
|
||||
$stmt->bindValue(':key', $key);
|
||||
}
|
||||
$stmt->bindValue(':primaryKeyValue', $id);
|
||||
return $stmt->execute();
|
||||
} catch (\PDOException $e) {
|
||||
|
||||
@@ -13,9 +13,10 @@ interface IDb
|
||||
* @desc will update the a row with the $rowset parameter by the given id
|
||||
* @param array $rowData
|
||||
* @param int $id
|
||||
* @param string $encrypted
|
||||
* @return mixed
|
||||
*/
|
||||
public function updateRowById( array $rowData, int $id );
|
||||
public function updateRowById( array $rowData, int $id, string $encrypted = "" );
|
||||
|
||||
/**
|
||||
* @desc updates a row by a given field and field where search value
|
||||
|
||||
Reference in New Issue
Block a user