Parameterizing value to be Encrypted in SQL Query

Question

Parameterizing value to be Encrypted in SQL Query

Navigation

#1 by (0 votes)

0

Currently, the query query that returns results is as follows:

 SELECT nome, email, senha
 FROM Professor 
 WHERE email = ? AND senha = HASHBYTES('SHA1','" + senha + "') 

 p.setString(1, email);

When trying to parameterize the value within the HASHBYTES resource (with the 'placeholder'? ', in the PreparedStatement of Java), there is some read / type / conversion error that causes the query not to return results.

What would be the correct way to parameterize this Query, then to do the binding with the value of the variable password ?

sql java web-service

asked by anonymous 23.04.2016 / 19:02

1 answer

Encryption for wordpress plugin code not submitting form via phpmailer

score 0 · Accepted Answer

The problem has been solved with the parameter type conversion.

select email, password
from Professor
where email = ?
and senha = hashbytes('sha1', convert(varchar, ?))

More details about the difference in encryption for Varchar or NVarchar at SQL Server sha1 value in prepared statement gives a different value than hardcoded string