This content has been marked as final. Show 4 replies
I had a similar problem. I found that if I used <cfqueryparam> on the password parameter, when checking it against the encrypted value in the database, the error went away. Below is a sample of the logon verification query that I use in one of my applications where I use encrypted passwords.
<cfquery name="Q1" DATASOURCE="#dbname#">
SELECT admin_id, expire_date, access_level, enabled
WHERE LOWER(logon_name) = LOWER('#form.v_logon_name#')
AND password = <cfqueryparam value = "#encrypt(form.v_password, cookie.pw_seed)#" CFSQLType = "CF_SQL_VARCHAR">
one way around this is to urlencode the encrypted password
and the decode if needed
Wouldn't the PreserveSingleQuotes function be useful here also?
Not really, as you are likely to get "special" characters other than single quotes that may cause you problems, so using CFQUERYPARAM seems to do the trick, at least it did for me.