PDA

Click to See Complete Forum and Search --> : Updating an encrypted string

Charu0306
November 21st, 2006, 08:15 PM
Hello ,
Iam using VB.NET for db programming. I have an encrypted field in the tabe as a Text field. I can create a record and add a 16-bit encrypted string to the db. But,updating the record seems to be a problem. Th encrypted string as you know, contains several characetrs like "yoBGGEV+Zda2v2TEP6a2Jg==". Is that the reason for the updating problem? I find the record with another unique key and try to update, it gives syntax error. However, updating other fields is not a problem. The field size is big enough. What I do, as a workwround is delete that record (that works) and re-create again which is annoying and isnt right.

Any clues?

Thank You,
Charu.
Craig Gemmill
November 21st, 2006, 08:50 PM
Are you using a parameterized query? You should be.

http://builder.com.com/5100-6371_14-6093390.html
Charu0306
November 22nd, 2006, 03:57 PM
Thank, please see this. I use :

strFind = "Update Login SET Password = '" & Trim(pwd.ToString()) & "'" & _
" where EmployeeID =" + empid

Password is of size 255. Pwd is the encryopted string here. It doesnt work anyway. :( Whats wrong in this?
Craig Gemmill
November 22nd, 2006, 06:12 PM
Again:
Are you using a parameterized query? You should be.
http://builder.com.com/5100-6371_14-6093390.html


Dim strSQL As String = "Update Login SET Password = @password where EmployeeID = @empid"
Dim sqlCommand As New SqlClient.SqlCommand(strSQL)
With sqlCommand.Parameters
.Add(New SqlClient.SqlParameter("@password", Trim(pwd.tostring)))
.Add(New SqlClient.SqlParameter("@empid", empID))
End With
Charu0306
November 23rd, 2006, 08:53 PM
Tried this. It didnt work. Please note pwd is an encrypted string.

Private Sub UpdatePassword2(ByVal email As String, ByVal empid As String, ByVal pwd As String)
Dim strFind As String
strFind = "Update Login SET Password = @Password and EmployeeID =@empid"
Dim cmd As New Data.OleDb.OleDbCommand(strFind, MyConn)
cmd.CommandText = strFind
cmd.Parameters.Add("@Password", Data.OleDb.OleDbType.BSTR).Value = Trim(pwd.ToString())
cmd.Parameters.Add("@empid", Data.OleDb.OleDbType.BSTR).Value = empid
cmd.ExecuteNonQuery()
End Sub

Throws an exception saying syntax error in UPDATE statement. Its not recognizing something here. Its bcos of the encrypted string like:"yoBGGEV+Zda2v2TEP6a2Jg=="

Thanks for the reply anyway.