Encrypt () places punctuation in string

Ask a Question related to Coldfusion Security, Design and Development.

  1. DixieGal #1

    Default Encrypt () places punctuation in string

    :(
    I am encrypting a user password just before storing, the decrypting anytime it
    is retrieved. All works great, except for passwords that where the encryption
    places a ' or a " in the encrypted string. Then my SQL Server query fails
    because it trips up on the quotations....

    My query looks like:
    update table set username=' #form.username#',
    pw='#encrypt(FORM.password,'XXX')#' where empid=#session.user.empid#

    I have tried the query several ways, including assigning the encrypted value
    to a var and then putting it in the query.... All are a no-go...

    Any suggestions as to how I can either
    1) ELIMINATE certain characters from my string
    2) Create an encryption that is only alphanumeric or
    3) Get the query to work as is....
    Tx, DixieGal

    DixieGal Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Encrypt String or different approach
      Good afternoon, I am building an application that uses ASP .NET, and Blackmoon FTP Server, My plan currently is to automate some user processes...
    2. function that removes the punctuation and some characters like (*&^%$#@!<>?"} from a text string
      Hi All; I'm trying to create an ASP function called CleanX that removes the punctuation and some characters like (*&^%$#@!<>?"}|{..) from...
    3. Query String - encrypt
      All, I often use a querystring in my ASP pages. for example: if val > 1 then Response.redirect "val1.asp?val=1&user=UserID End if Is there a...
    4. How can I encrypt a string?
      hi... How can I encrypt a string and then decrypt it? there are some examples I found but all of them about filestream object I wonder if there...
    5. Encrypt string for POSTing
      Hi all! I need to POST data from one of my asp.net pages to an external CGI script. What possibilities do I have to encrypt the data for...
  2. Adam Cameron #2

    Default Re: Encrypt () places punctuation in string

    > 3) Get the query to work as is....

    Read up on <cfqueryparam>

    --

    Adam
    Adam Cameron Guest
    Reply With Quote Reply With Quote
  3. eastinq #3

    Default Re: Encrypt () places punctuation in string

    The ToBase64() works well also for storing encrypted passwords in a text field.



    <cfset pw="Tom'sCabin">
    <cfset enc_pw=Encrypt(pw,"XXX")>
    <cfset b64_pw=ToBase64(enc_pw)>
    <cfset dec_pw=Decrypt(ToString(ToBinary(b64_pw)),"XXX")>

    <cfoutput>
    password: #pw#<br>
    encrypted: #enc_pw#<br>
    base64: #b64_pw#<br>
    decrypted: #dec_pw#<br>
    </cfoutput>

    eastinq Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139