Parameterizing value to be Encrypted in SQL Query

0

Currently, the query that returns results is as follows:

    SELECT nome, email, senha
    FROM Professor
    WHERE email = ? AND senha = HASHBYTES('SHA1','" + senha + "')

    p.setString(1, email);

When trying to parameterize the value within the HASHBYTES function (with the placeholder '?' in Java's PreparedStatement), there is some read / type / conversion error that causes the query not to return results.

What would be the correct way to parameterize this query, and then bind it to the value of the variable password?

    
asked by anonymous 23.04.2016 / 19:02

1 answer

0

The problem has been solved with the parameter type conversion.

    select email, senha
    from Professor
    where email = ?
    and senha = hashbytes('sha1', convert(varchar, ?))

More details about the difference in encryption for Varchar or NVarchar at: "SQL Server sha1 value in prepared statement gives a different value than hardcoded string"

    
12.05.2016 / 17:57
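Added example, not part of the original question or answer: it shows why the unconverted parameter matched nothing, by hashing the same password as single-byte `varchar` bytes and as UTF-16LE `nvarchar` bytes, next to a fully parameterized form of the query. Assumptions: the class and method names and the sample password are made up, the driver is taken to send `setString` values as Unicode (the Microsoft JDBC driver's default), and `varchar(128)` is an assumed length chosen because `CONVERT(varchar, ?)` without a length truncates at 30 characters.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.*;

public class HashBytesParam {
    // Both values are bound; nothing is concatenated into the SQL text.
    // varchar(128) is an assumed length (a bare varchar in CONVERT means varchar(30)).
    static final String SQL =
        "SELECT nome, email FROM Professor "
      + "WHERE email = ? AND senha = HASHBYTES('SHA1', CONVERT(varchar(128), ?))";

    // Needs a live SQL Server connection, so main() does not call it.
    static boolean credentialsMatch(Connection con, String email, String senha)
            throws SQLException {
        try (PreparedStatement p = con.prepareStatement(SQL)) {
            p.setString(1, email);
            p.setString(2, senha);
            try (ResultSet rs = p.executeQuery()) {
                return rs.next();
            }
        }
    }

    // SHA-1 over the raw bytes, formatted like SQL Server's varbinary output.
    static String sha1Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder("0x");
        for (byte b : MessageDigest.getInstance("SHA-1").digest(data)) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String senha = "s3nha-exemplo"; // constructed sample value
        // A varchar literal is hashed one byte per character (ASCII-only sample).
        String asVarchar = sha1Hex(senha.getBytes(StandardCharsets.US_ASCII));
        // An nvarchar parameter is hashed as UTF-16LE, two bytes per character.
        String asNvarchar = sha1Hex(senha.getBytes(StandardCharsets.UTF_16LE));
        System.out.println("varchar  input: " + asVarchar);
        System.out.println("nvarchar input: " + asNvarchar);
        System.out.println("same digest: " + asVarchar.equals(asNvarchar));
    }
}
```

The two digests differ, which is why the stored hash of the `varchar` literal never matched the hash of the bound `nvarchar` value until it was converted. The unsalted SHA-1 is kept only to mirror the page's schema; a salted, slow password hash such as bcrypt or Argon2 computed in the application is the stronger choice for a `senha` column.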