i have a slight problem with some of the chars used in encryption.
When a user tries to create an account in my system, the system encrypts the username/password before putting it into the DB.
When the user tries to log in, the system encrypts the username/password used to log in and tries to find a matching encyption in the DB.
problem is, the test username (hsimpson) i just used has a ' in the encyption
this means, the SQL created looks like this: SELECT username FROM tblUserSecurity WHERE username = '������:Y�`�U'��C�x'
So it' breaking my SQL query and I'm getting an error: <com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '��C�x'' at line 1>
is there anyway I can stop SQL from using ' in encryption?
It looks like you are using the binary output of encryption - when interpreted as characters there is a chance you will get an illegal one. To avoid this, base64 encode the binary output. This will always produce legal characters.
Originally posted by Arthur Buliva: That code uses the MD5 encryption in MySQL to encrypt/decrypt the password for you
MD5 is not a cipher (which is used for encryption/decryption), it's a hash. That means that once something is run through MD5, there's no way to get back the original cleartext. For passwords that is actually the right thing to do, but we should be clear about its one-way nature.