4 Replies Latest reply on May 2, 2006 1:46 PM by paross1

    Encrypt Password Problem

    hertelt Level 1
      I am encrypting a password in my application. The problem I am having is that one of my encrypted passwords starts with a single quote. This is blowing up my SQL queries. Is there a way to force CF to only use alpha or numeric characters?
        • 1. Re: Encrypt Password Problem
          paross1 Level 2
          I had a similar problem. I found that if I used <cfqueryparam> on the password parameter, when checking it against the encrypted value in the database, the error went away. Below is a sample of the logon verification query that I use in one of my applications where I use encrypted passwords.

          <cfquery name="Q1" DATASOURCE="#dbname#">
          SELECT admin_id, expire_date, access_level, enabled
          FROM admin
          WHERE LOWER(logon_name) = LOWER('#form.v_logon_name#')
          AND password = <cfqueryparam value = "#encrypt(form.v_password, cookie.pw_seed)#" CFSQLType = "CF_SQL_VARCHAR">
          </cfquery>

          Phil
          • 2. Re: Encrypt Password Problem
            Level 7
            one way around this is to urlencode the encrypted password
            URLEncodedFormat(Encrypt(arguments.password, application.encKey))

            and the decode if needed
            Decrypt(URLDecode(Trim(userinfo.password)), application.encKey)

            HTH
            --
            Tim Carley
            www.recfusion.com
            info@NOSPAMINGrecfusion.com
            • 3. Re: Encrypt Password Problem
              drforbin1970 Level 1
              Wouldn't the PreserveSingleQuotes function be useful here also?
              • 4. Re: Encrypt Password Problem
                paross1 Level 2
                Not really, as you are likely to get "special" characters other than single quotes that may cause you problems, so using CFQUERYPARAM seems to do the trick, at least it did for me.

                Phil