Can someone give me an idea about how to get this right:
I have this code which selects user info from an SQL database. The code is written in VBScript:
strSQL = "select customer.*,country.countryname,company.CO_name from customer,country,company where customer.CU_CO_id_FK=company.CO_id and customer.CU_MD_id_ca_FK IN (select doctor.MD_id from doctor where doctor.MD_admid_FK="&Session("admid")&") and customer.CU_country=country.c_id "&ss&" order by customer.CU_l_name"
The key to this code is: "&ss&"
Now here is the value of ss:
ss="and customer.CU_cc_number like'%"&unamee&"%'"
Now it all runs smoothly until... the CU_cc_number is the customer credit card number. I store it in the database as an encrypted string. Now when I try to compare it using the 'like' clause, the comparison is wrong because I need to decrypt the credit card number before I can compare it to what the user is looking for. My problem is using the Decrypt() function with this statement:
The above is incorrect. When I use ss in the select statement it says that the function Decrypt is unknown, yet I have included it at the beginning of the page. I am either including extra &s or am leaving something out.
Originally posted by rnealejr
What are you using to encrypt the string?
The problem is that you are trying to decrypt the value from the database before you have it - the decrypt function is in your web page (or other programming environment) but the SQL is run on the SQL Server instance. Depending on your encryption algorithm you could encrypt the cc number you receive from the user and use that to pass in the SQL statement - so you are comparing encrypted to encrypted.
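The encrypted-to-encrypted comparison suggested in the reply above, as an added example that is not part of the thread: the user's input is transformed in the application and compared in SQL through a bound parameter, which only works for exact matches, so the original LIKE '%...%' search finds nothing. Assumptions: Python with sqlite3 stands in for the VBScript page and SQL Server, HMAC-SHA256 stands in for the poster's unnamed cipher (any deterministic keyed transform behaves the same way), and the CU_cc_token column, the key and the card numbers are constructed for the demo.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key (assumption); a real key lives in a secrets store, not in source.
INDEX_KEY = b"constructed-demo-key-not-for-production"

def normalize(card_number: str) -> str:
    """Keep digits only so the same card always yields the same token."""
    return "".join(ch for ch in card_number if ch.isdigit())

def search_token(card_number: str) -> str:
    """Deterministic keyed token: equal card numbers give equal tokens."""
    digits = normalize(card_number).encode()
    return hmac.new(INDEX_KEY, digits, hashlib.sha256).hexdigest()

def build_db() -> sqlite3.Connection:
    """In-memory table; CU_cc_token is a hypothetical column beside the ciphertext."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (CU_l_name TEXT, CU_cc_token TEXT)")
    # Constructed test numbers, not real accounts.
    rows = [("Adams", "4111 1111 1111 1111"), ("Baker", "5500-0000-0000-0004")]
    db.executemany(
        "INSERT INTO customer VALUES (?, ?)",
        [(name, search_token(cc)) for name, cc in rows],
    )
    return db

def find_by_card(db: sqlite3.Connection, user_input: str) -> list:
    """Exact match: transform the input in the app, bind it as a parameter."""
    cur = db.execute(
        "SELECT CU_l_name FROM customer WHERE CU_cc_token = ? ORDER BY CU_l_name",
        (search_token(user_input),),
    )
    return [row[0] for row in cur]

def find_by_fragment(db: sqlite3.Connection, fragment: str) -> list:
    """Substring search: a fragment's token is unrelated to the stored token."""
    cur = db.execute(
        "SELECT CU_l_name FROM customer WHERE CU_cc_token LIKE ?",
        ("%" + search_token(fragment) + "%",),
    )
    return [row[0] for row in cur]

if __name__ == "__main__":
    demo = build_db()
    print(find_by_card(demo, "4111111111111111"))
    print(find_by_fragment(demo, "1111"))
```

Binding the value as a parameter also avoids concatenating user input such as unamee into the SQL string.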