We have been using the stored proc below to search a table named tblPatients. However, now that we have encrypted the name fields the sp fails. Is there a workaround like temp table or something? ALTER PROCEDURE [dbo].[kd_selPatientSearch] @SearchText nvarchar(150), @SearchType int = 0 AS BEGIN -- SET NOCOUNT ON added to prevent extra result sets from -- interfering with SELECT statements. SET NOCOUNT ON; SELECT P.FirstName, P.LastName, P.CaregiverLogin, O.Organization, O.OrgUserName FROM dbo.tblPatients AS P INNER JOIN dbo.tblOrganization AS O ON P.OrgID = O.OrgID WHERE (CASE WHEN @SearchType = 0 AND P.CaregiverLogin = @SearchText THEN 'T' WHEN @SearchType = 1 AND (P.LastName = @SearchText OR P.FirstName = @SearchText) THEN 'T' ELSE 'F' END = 'T') ORDER BY LastName, FirstName;

Since I have seen your table in a different thread, I can tell you that this procedure is a dead case in its current shape. The columns LastName and FirstName are encrypted, whereas CaregiverLogin is not. That information should by now be enough to tell you why this can't work, so I say no more. So you will have to split @SearchText in two parameters - at least. One for CaregiverLogin, and one for the other two. However, FirstName is nvarchar(20) and LastName is nvarchar(30), so I am not sure that you can use the same variable with both - Always Encrypted is, as you have noted, quite picky about data types.

I really pared it down to below but when I run it I get error "Encryption scheme mismatch for columns/variables . The encryption scheme for the columns/variables is (encryption_type = 'PLAINTEXT') and the expression near line '3' expects it to be (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK_Auto1', column_encryption_key_database_name = 'kdctest') (or weaker). " ALTER PROCEDURE [dbo].[kd_selPatientSearch] @FirstName nvarchar(20) AS BEGIN -- SET NOCOUNT ON added to prevent extra result sets from -- interfering with SELECT statements. SET NOCOUNT ON; SELECT P.FirstName, P.LastName, O.Organization, O.OrgUserName FROM dbo.tblPatients AS P INNER JOIN dbo.tblOrganization AS O ON P.OrgID = O.OrgID WHERE P.FirstName = @FirstName; END

SP alternate with column encryption

Accepted answer

Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator

2021-01-04T22:07:43.987+00:00

Since I have seen your table in a different thread, I can tell you that this procedure is a dead case in its current shape. The columns LastName and FirstName are encrypted, whereas CaregiverLogin is not. That information should by now be enough to tell you why this can't work, so I say no more.

So you will have to split @SearchText in two parameters - at least. One for CaregiverLogin, and one for the other two. However, FirstName is nvarchar(20) and LastName is nvarchar(30), so I am not sure that you can use the same variable with both - Always Encrypted is, as you have noted, quite picky about data types.
Please sign in to rate this answer.
David Chase 681 Reputation points

2021-01-04T22:59:17.763+00:00

Isn't that what I did (split)? I send one variable and split the variable into 2 (@Firstname and @LastName). I don't care about CaregiverLogin as I am removing it from the query.

Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator

2021-01-04T23:06:06.267+00:00

You need to make it two input parameters.

An operation like LEFT(@SearchText,20); is not particularly meaningful. Keep mind that @SearchText is just a bunch encrypted bytes that mean nothing to SQL Server.

David Chase 681 Reputation points

2021-01-04T23:27:37.28+00:00

I stand corrected. I got the error below running it from SSMS but when I run it in the web app it works fine.

Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator

2021-01-05T21:54:59.417+00:00

Yeah, you can enable parameterisation in SSMS, so that you can insert or update directly in scripts, but I don't think you can call stored procedures that takes encrypted parameters. I ran into the same issue when I worked with the SP for the small demo app I did for you the other day.

When you enable parameterisation in SSMS, SSMS analyses the scripts and performs action that it normally does not do. That is, normally, SSMS just sends what's in the window to SQL Server without giving much thought about what it sends.

David Chase 681 Reputation points

2021-01-05T23:04:24.147+00:00

Did you send me some info on stored procedures losing their format after encryption installed? If so, can you refresh my memory?

Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator

2021-01-06T10:22:08.82+00:00

"Losing their format?" No, that does not ring a bell. The procedure definition as such is unaffected, but the semantics changes, since you effectively change the data types.

David Chase 681 Reputation points

2021-01-06T12:46:14.073+00:00

OK, thanks. I try to properly indent lines in my procs and I noticed that after copying it to an encrypted database it lost all indenting and spacing.

Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator

2021-01-06T13:17:51.04+00:00

I can't say why this is happening, but it has to be something in the scripting process. That is, something that occurs outside SQL Server.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

SP alternate with column encryption

5 additional answers

Your answer