Data encryption and decryption in Laravel
Dec 12, 2024 am 11:50 AM
This guide explains how to implement encryption and decryption of sensitive data in Laravel models. By performing the following steps, you can protect the data before storing it in the database and decrypt it when retrieving the data.
Prerequisites
- Laravel: Make sure you are using a Laravel project.
- Encryption key: Laravel automatically generates APP_KEY in the .env file. This key is used by Laravel's encryption service.
Step 1: Set up encryption in the model
In the model, we will use Laravel's encrypt() and decrypt() functions to automatically handle the encryption and decryption of the specified fields.
Doctor Model
Create or update a Doctor model using encryption and decryption methods. We will encrypt fields such as first name, last name, email, and mobile phone before saving them to the database.
<?phpnamespace AppModels;use IlluminateDatabaseEloquentModel;use IlluminateSupportFacadesCrypt;class Doctor extends Model{
protected $fillable = [
'first_name', 'last_name', 'email', 'mobile', 'hashed_email', 'password'
];
// Automatically encrypt attributes when setting them
public function setFirstNameAttribute($value)
{
$this->attributes['first_name']?=?encrypt($value);
????}
????public?function?setLastNameAttribute($value)
????{
????????$this->attributes['last_name']?=?encrypt($value);
????}
????public?function?setEmailAttribute($value)
????{
????????$this->attributes['email']?=?encrypt($value);
????}
????public?function?setMobileAttribute($value)
????{
????????$this->attributes['mobile']?=?encrypt($value);
????}
????//?Automatically?decrypt?attributes?when?getting?them
????public?function?getFirstNameAttribute($value)
????{
????????return?decrypt($value);
????}
????public?function?getLastNameAttribute($value)
????{
????????return?decrypt($value);
????}
????public?function?getEmailAttribute($value)
????{
????????return?decrypt($value);
????}
????public?function?getMobileAttribute($value)
????{
????????return?decrypt($value);
????}}
Description
- Setter method: Use set{AttributeName }Attribute() to encrypt the data before storing it in the database.
- Getter method: Use get{AttributeName}Attribute() to decrypt when retrieving data from the database.
Step 2: Controller for data storage and retrieval
In the controller you can handle validation and call the model's Directly encrypt attributes without additional encryption/decryption step.
DoctorController
DoctorController handles registration through validation
Enter the data, encrypt it through the model, and save it in the database.
When doctor data is obtained, it will be automatically decrypted
Sensitive fields.
<?phpnamespace AppHttpControllers;use IlluminateHttpRequest;use AppModelsDoctor;use IlluminateSupportFacadesHash;class DoctorController extends Controller{
public function register(Request $request)
{
// Validate the incoming request
$validatedData = $request->validate([
????????????'first_name'?=>?'required|string|max:255',
????????????'last_name'?=>?'required|string|max:255',
????????????'email'?=>?'required|string|email|max:255|unique:doctors,email',
????????????'mobile'?=>?'required|string|size:10|unique:doctors,mobile',
????????????'password'?=>?'required|string|min:8|confirmed',
????????]);
????????//?Hash?the?email?to?ensure?uniqueness
????????$hashedEmail?=?hash('sha256',?$validatedData['email']);
????????//?Create?a?new?doctor?record?(model?will?handle?encryption)
????????$doctor?=?Doctor::create([
????????????'first_name'?=>?$validatedData['first_name'],
????????????'last_name'?=>?$validatedData['last_name'],
????????????'email'?=>?$validatedData['email'],
????????????'hashed_email'?=>?$hashedEmail,
????????????'mobile'?=>?$validatedData['mobile'],
????????????'password'?=>?Hash::make($validatedData['password']),
????????]);
????????return?response()->json([
????????????'message'?=>?'Doctor?registered?successfully',
????????????'doctor'?=>?$doctor
????????],?201);
????}
????public?function?show($id)
????{
????????//?Fetch?the?doctor?record?(model?will?decrypt?the?data?automatically)
????????$doctor?=?Doctor::findOrFail($id);
????????return?response()->json($doctor);
????}}
Description
- register method: Verify the incoming request, create a new doctor record, and automatically encrypt fields such as first name, last name, email, and mobile phone based on the model's encryption method.
- show method: Retrieve physician records by ID. this Sensitive fields will be automatically decrypted before the model's getter method Return data.
Step 3: Database configuration
Ensure that the doctor table columns for sensitive data are long enough to handle encrypted data (usually TEXT or LONGTEXT).
Example of migration settings:
Schema::create('doctors',?function?(Blueprint?$table)?{
????$table->id();
????$table->text('first_name');
????$table->text('last_name');
????$table->text('email');
????$table->string('hashed_email')->unique();?//?SHA-256?hashed?email
????$table->text('mobile');
????$table->string('password');
????$table->timestamps();});
Note: Since encrypted values ??may be much longer than plain text, text is preferred for encrypted fields.
Step 4: Handle decryption exceptions
To enhance error handling, wrap the decryption logic in a try-catch block in the model getter:
<?phpnamespace AppModels;use IlluminateDatabaseEloquentModel;use IlluminateSupportFacadesCrypt;class Doctor extends Model{
protected $fillable = [
'first_name', 'last_name', 'email', 'mobile', 'hashed_email', 'password'
];
// Automatically encrypt attributes when setting them
public function setFirstNameAttribute($value)
{
$this->attributes['first_name']?=?encrypt($value);
????}
????public?function?setLastNameAttribute($value)
????{
????????$this->attributes['last_name']?=?encrypt($value);
????}
????public?function?setEmailAttribute($value)
????{
????????$this->attributes['email']?=?encrypt($value);
????}
????public?function?setMobileAttribute($value)
????{
????????$this->attributes['mobile']?=?encrypt($value);
????}
????//?Automatically?decrypt?attributes?when?getting?them
????public?function?getFirstNameAttribute($value)
????{
????????return?decrypt($value);
????}
????public?function?getLastNameAttribute($value)
????{
????????return?decrypt($value);
????}
????public?function?getEmailAttribute($value)
????{
????????return?decrypt($value);
????}
????public?function?getMobileAttribute($value)
????{
????????return?decrypt($value);
????}}
Additional Notes
- Environmental Security: Make sure APP_KEY is stored securely in the .env file. This key is essential for encryption/decryption.
- Data Backup: If data integrity is critical, make sure you have a backup mechanism in place, as encrypted data will be unrecoverable without the correct APP_KEY.
Summary
- Model encryption: Use the setter method to encrypt data before storage, and use the getter method to decrypt it during retrieval.
- Controller logic: The controller can handle encrypted fields directly without additional encryption code.
- Database configuration: Use TEXT or LONGTEXT columns as encrypted fields.
- Security Note: Secure your APP_KEY and use exception handling in the getter to handle decryption errors.
The above is the detailed content of Data encryption and decryption in Laravel. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to choose a free market website in the currency circle? The most comprehensive review in 2025
Jul 29, 2025 pm 06:36 PM
The most suitable tools for querying stablecoin markets in 2025 are: 1. Binance, with authoritative data and rich trading pairs, and integrated TradingView charts suitable for technical analysis; 2. Ouyi, with clear interface and strong functional integration, and supports one-stop operation of Web3 accounts and DeFi; 3. CoinMarketCap, with many currencies, and the stablecoin sector can view market value rankings and deans; 4. CoinGecko, with comprehensive data dimensions, provides trust scores and community activity indicators, and has a neutral position; 5. Huobi (HTX), with stable market conditions and friendly operations, suitable for mainstream asset inquiries; 6. Gate.io, with the fastest collection of new coins and niche currencies, and is the first choice for projects to explore potential; 7. Tra
Ethena treasury strategy: the rise of the third empire of stablecoin
Jul 30, 2025 pm 08:12 PM
The real use of battle royale in the dual currency system has not yet happened. Conclusion In August 2023, the MakerDAO ecological lending protocol Spark gave an annualized return of $DAI8%. Then Sun Chi entered in batches, investing a total of 230,000 $stETH, accounting for more than 15% of Spark's deposits, forcing MakerDAO to make an emergency proposal to lower the interest rate to 5%. MakerDAO's original intention was to "subsidize" the usage rate of $DAI, almost becoming Justin Sun's Solo Yield. July 2025, Ethe
What is Binance Treehouse (TREE Coin)? Overview of the upcoming Treehouse project, analysis of token economy and future development
Jul 30, 2025 pm 10:03 PM
What is Treehouse(TREE)? How does Treehouse (TREE) work? Treehouse Products tETHDOR - Decentralized Quotation Rate GoNuts Points System Treehouse Highlights TREE Tokens and Token Economics Overview of the Third Quarter of 2025 Roadmap Development Team, Investors and Partners Treehouse Founding Team Investment Fund Partner Summary As DeFi continues to expand, the demand for fixed income products is growing, and its role is similar to the role of bonds in traditional financial markets. However, building on blockchain
How to build a REST API with Laravel?
Jul 30, 2025 am 03:41 AM
Create a new Laravel project and start the service; 2. Generate the model, migration and controller and run the migration; 3. Define the RESTful route in routes/api.php; 4. Implement the addition, deletion, modification and query method in PostController and return the JSON response; 5. Use Postman or curl to test the API function; 6. Optionally add API authentication through Sanctum; finally obtain a clear structure, complete and extensible LaravelRESTAPI, suitable for practical applications.
How can we avoid being a buyer when trading coins? Beware of risks coming
Jul 30, 2025 pm 08:06 PM
To avoid taking over at high prices of currency speculation, it is necessary to establish a three-in-one defense system of market awareness, risk identification and defense strategy: 1. Identify signals such as social media surge at the end of the bull market, plunge after the surge in the new currency, and giant whale reduction. In the early stage of the bear market, use the position pyramid rules and dynamic stop loss; 2. Build a triple filter for information grading (strategy/tactics/noise), technical verification (moving moving averages and RSI, deep data), emotional isolation (three consecutive losses and stops, and pulling the network cable); 3. Create three-layer defense of rules (big whale tracking, policy-sensitive positions), tool layer (on-chain data monitoring, hedging tools), and system layer (barbell strategy, USDT reserves); 4. Beware of celebrity effects (such as LIBRA coins), policy changes, liquidity crisis and other scenarios, and pass contract verification and position verification and
Ethereum (ETH) NFT sold nearly $160 million in seven days, and lenders launched unsecured crypto loans with World ID
Jul 30, 2025 pm 10:06 PM
Table of Contents Crypto Market Panoramic Nugget Popular Token VINEVine (114.79%, Circular Market Value of US$144 million) ZORAZora (16.46%, Circular Market Value of US$290 million) NAVXNAVIProtocol (10.36%, Circular Market Value of US$35.7624 million) Alpha interprets the NFT sales on Ethereum chain in the past seven days, and CryptoPunks ranked first in the decentralized prover network Succinct launched the Succinct Foundation, which may be the token TGE
What is Ethereum? What are the ways to obtain Ethereum ETH?
Jul 31, 2025 pm 11:00 PM
Ethereum is a decentralized application platform based on smart contracts, and its native token ETH can be obtained in a variety of ways. 1. Register an account through centralized platforms such as Binance and Ouyiok, complete KYC certification and purchase ETH with stablecoins; 2. Connect to digital storage through decentralized platforms, and directly exchange ETH with stablecoins or other tokens; 3. Participate in network pledge, and you can choose independent pledge (requires 32 ETH), liquid pledge services or one-click pledge on the centralized platform to obtain rewards; 4. Earn ETH by providing services to Web3 projects, completing tasks or obtaining airdrops. It is recommended that beginners start from mainstream centralized platforms, gradually transition to decentralized methods, and always attach importance to asset security and independent research, to
How to integrate React with Laravel?
Jul 30, 2025 am 04:05 AM
SetupLaravelasanAPIbackendbyinstallingLaravel,configuringthedatabase,creatingAPIroutes,andreturningJSONfromcontrollers,optionallyusingLaravelSanctumforauthentication.2.ChoosebetweenastandaloneReactSPAservedseparatelyorusingInertia.jsfortighterLaravel
