[RESOLVED] Sql insert query with encrypted value
Hello, I have this code to encrypt the value of a password textbox:
Code:
System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider();
byte[] data = System.Text.Encoding.ASCII.GetBytes(password_textBox.Text);
data = x.ComputeHash(data);
string encryptedpassword = System.Text.Encoding.ASCII.GetString(data);
and I'm trying to pass that value to my database with this code:
Code:
string source = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=database.accdb;Mode=ReadWrite;";
string query = "Insert into users (name,password) values ('" + name_textBox.Text + "','" + encryptedpassword + "')";
OleDbConnection conn = new OleDbConnection(source);
OleDbCommand cmd = new OleDbCommand(query, conn);
cmd.Connection = conn;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
but I get an error because the encrypted password contains the character "?".
Is there a way to ignore what's inside the query's values and just pass it to the database? Or another (better) way to encrypt the textbox's text?
I tried to put a @ but I had no luck:
Code:
string query = @"Insert into users (name,password) values ('" + name_textBox.Text + "','" + encryptedpassword + "')";
Re: Sql insert query with encrypted value
Translating from Greek, it says:
syntax error missing operator in query " 'first value','second value' "
first value = here is the encrypted password, which starts with ?
Re: Sql insert query with encrypted value
I changed my encryption code to this and I solved my problem:
Code:
System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider();
byte[] bs = System.Text.Encoding.UTF8.GetBytes(password_textBox.Text);
bs = x.ComputeHash(bs);
System.Text.StringBuilder encryptedpassword = new System.Text.StringBuilder();
foreach (byte b in bs)
{
    encryptedpassword.Append(b.ToString("x2").ToLower());
}
and I get my encrypted password with encryptedpassword.ToString()
Re: [RESOLVED] Sql insert query with encrypted value
Instead of concatenating the SQL string together, use parameters... makes life a lot easier.
-tg
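An added example (not code from any poster in this thread) of the parameterized insert suggested above, using the thread's connection string and users table. It goes one step beyond the thread by also answering the "better way" question with a salted PBKDF2 hash in place of MD5; the UserStore class, the iteration count, the 255-character column size and the "iterations.salt.hash" storage format are assumptions, and the four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;

// Hypothetical helper class, not from the thread.
static class UserStore
{
    // Connection string as posted in the thread.
    const string Source = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=database.accdb;Mode=ReadWrite;";

    // Assumed work factor; raise it as far as your login latency allows.
    const int Iterations = 100000;

    // Returns "iterations.salt.hash" with Base64 parts: plain ASCII text
    // that fits one text column and carries what a later check needs.
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt); // fresh random salt per user

        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return Iterations + "." + Convert.ToBase64String(salt) + "." +
                   Convert.ToBase64String(kdf.GetBytes(32));
    }

    public static void AddUser(string name, string password)
    {
        // OleDb parameters are positional: each ? is filled in the order the
        // parameters are added, and the names given to Add are labels only.
        // Column names are bracketed in case they clash with Access reserved words.
        const string query = "INSERT INTO users ([name], [password]) VALUES (?, ?)";

        using (var conn = new OleDbConnection(Source))
        using (var cmd = new OleDbCommand(query, conn))
        {
            // Values travel separately from the SQL text, so quotes, "?" or
            // any other character in them can no longer break the statement.
            cmd.Parameters.Add("@name", OleDbType.VarWChar, 255).Value = name;
            cmd.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = HashPassword(password);

            conn.Open();
            cmd.ExecuteNonQuery();
        } // using closes the connection even if ExecuteNonQuery throws
    }
}
```

From the form this would be called as UserStore.AddUser(name_textBox.Text, password_textBox.Text).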
Re: [RESOLVED] Sql insert query with encrypted value
I'll keep it in mind, thanks a lot.
Re: [RESOLVED] Sql insert query with encrypted value
Or pass parameters to a stored procedure.
Re: [RESOLVED] Sql insert query with encrypted value
I need to read about them and find out how they work for future projects. I know stored procedures are good when you want security.
Re: [RESOLVED] Sql insert query with encrypted value
Quote:
Originally Posted by invader7
I need to read about them and find out how they work for future projects. I know stored procedures are good when you want security.
They're good for more than that as well. For example:
1) Queries within stored procedures usually get a query plan generated for them - which means the queries are optimized and run faster.
2) Stored procedures can be thought of as a form of 'interface' - meaning that you have flexibility to change the SQL code within the stored procedure without having to change the C# code that calls it. As long as the interface signature remains the same, you can change whatever you want beneath the covers.
3) Bug fixes/feature improvements can often be made on the database layer without having to recompile/deploy C# code.
4) Development is easier (IMO) when you use stored procedures. The reason is because you can develop and test the stored procedures on the SQL side (so you know your DB code works correctly) before calling the sproc(s) from the C# code. If you have trouble when calling the sproc from C#, all you need to check is whether you're passing the correct input to the sprocs. This two-pronged approach is much easier than trying to debug C# and SQL query code all at once.
Re: [RESOLVED] Sql insert query with encrypted value
I can see... thanks for your advice, I'll study them.