Parameterizing value to be Encrypted in Query SQL

Question

Parameterizing value to be Encrypted in Query SQL

Asked 8 years, 5 months ago

Viewed 34 times

0

Currently, the query query that returns results is as follows:

 SELECT nome, email, senha
 FROM Professor 
 WHERE email = ? AND senha = HASHBYTES('SHA1','" + senha + "') 

 p.setString(1, email);

When trying to parameterize the value within the HASHBYTES resource (with placeholder '?', in the Preparedstatement from Java), there is some read/type/conversion error that causes the query not to return results.

What would be the correct way to parameterize this Query, and then do the Binding with the value of the variable password?

1 answer

Browser other questions tagged java sql web-service

You are not signed in. Login or sign up in order to post.

by KarasuEXE • 1 point · Answer 1 · 2016-05-12T15:57:55+00:00

The problem was solved by converting the parameterized value type.

select email, password
from Professor
where email = ?
and senha = hashbytes('sha1', convert(varchar, ?))

More details about the difference in Varchar or Nvarchar encryption SQL Server sha1 value in Prepared statement gives a Different value than hardcoded string