Encrypt Password Problem

Report · May 02, 2006

I am encrypting a password in my application. The problem I am having is that one of my encrypted passwords starts with a single quote. This is blowing up my SQL queries. Is there a way to force CF to only use alpha or numeric characters?

Report · May 02, 2006

I had a similar problem. I found that if I used <cfqueryparam> on the password parameter, when checking it against the encrypted value in the database, the error went away. Below is a sample of the logon verification query that I use in one of my applications where I use encrypted passwords.

<cfquery name="Q1" DATASOURCE="#dbname#">
SELECT admin_id, expire_date, access_level, enabled
FROM admin
WHERE LOWER(logon_name) = LOWER('#form.v_logon_name#')
AND password = <cfqueryparam value = "#encrypt(form.v_password, cookie.pw_seed)#" CFSQLType = "CF_SQL_VARCHAR">
</cfquery>

Phil

Report · May 02, 2006

one way around this is to urlencode the encrypted password
URLEncodedFormat(Encrypt(arguments.password, application.encKey))

and the decode if needed
Decrypt(URLDecode(Trim(userinfo.password)), application.encKey)

HTH
--
Tim Carley
www.recfusion.com
info@NOSPAMINGrecfusion.com

Report · May 02, 2006

Wouldn't the PreserveSingleQuotes function be useful here also?

Report · May 02, 2006

Not really, as you are likely to get "special" characters other than single quotes that may cause you problems, so using CFQUERYPARAM seems to do the trick, at least it did for me.

Phil

Adobe Community

Encrypt Password Problem

1 Correct answer