Results 1 to 6 of 6
  1. #1
    Join Date
    Dec 2002
    Posts
    4

    Unanswered: Select Statement

    Can someone give me an idea about how to get this right:

    I have this code which selects user info from an SQL database. The code is written in VBScript

    strSQL = "select customer.*,country.countryname,company.CO_name from customer,country,company where customer.CU_CO_id_FK=company.CO_id and customer.CU_MD_id_ca_FK IN (select doctor.MD_id from doctor where doctor.MD_admid_FK="&Session("admid")&") and customer.CU_country=country.c_id "&ss&" order by customer.CU_l_name"

    The key to this code is: "&ss&"

    Now here is the value of ss

    ss="and customer.CU_cc_number like'%"&unamee&"%'"

    Now it all runs smooth until...: the CU_cc_number is the customer credit card number. I store it on the database as an encrypted string. Now when I try to compare it using the 'like' clause, the comparison is wrong because I need to Decrypt the Credit card number before I can compare it to what the user is looking for. My problem is using the Decrypt() function with this statement:

    I'd like to do something like this:

    ss="and " & Decrypt(customer.CU_cc_number) & " like'%"&unamee&"%'"

  2. #2
    Join Date
    Feb 2002
    Posts
    2,232
    What are you using to encrypt the string ?

  3. #3
    Join Date
    Dec 2002
    Posts
    4
    It's a simple function:
    It works well, but I just do not exactly know how to incorporate with this code:

    ss="and " & Decrypt(customer.CU_cc_number) &" like'%"&unamee&"%'"

    The above is INcorrect. When I use ss in the select statement it says that the function Decrypt is unknown, yet I have included it into the beginning of the page. I either am inluding extra &s or am leaving something out




    Originally posted by rnealejr
    What are you using to encrypt the string ?

  4. #4
    Join Date
    Feb 2002
    Posts
    2,232
    The problem is that you are trying to decrypt the value from the database before you have it - the decrypt function is in your web page ( or other programming environment) but the sql is run on the sql server instance. Depending on your encryption algorithm you could encrypt the cc number you receive from the user and use that to pass in the sql statement - so you are comparing encrypted to encrpyted.

  5. #5
    Join Date
    Dec 2002
    Posts
    4
    Originally posted by rnealejr
    What are you using to encrypt the string ?

  6. #6
    Join Date
    Feb 2002
    Posts
    2,232
    What is the latest ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •