Skip to main content
C
coylo
Known Participant
September 3, 2013
Question

MySQL aes_encrypt

  • September 3, 2013
  • 0 replies
  • 412 views

hi,

i am using the mysql  aes_encrypt function for encrypting data in the database.

i.e. a sample update query that i have:

<cfquery name="updateUser" datasource="#application.datasource#">

UPDATE users

SET

users.name=AES_ENCRYPT('#form.name#', '#application.master_key#'),

users.contact=AES_ENCRYPT('#form.contact#', '#application.master_key#'),

users.town=AES_ENCRYPT('#form.town#', '#application.master_key#'),

users.role=<cfqueryparam value="#form.role#" cfsqltype="cf_sql_integer">

WHERE users.id=<cfqueryparam value="#form.user_id#" cfsqltype="cf_sql_varchar" maxlength="50">

</cfquery>

this works fine and i then successfully retrieve the data using the following:

<cfquery name="getUser" datasource="#application.datasource#">

SELECT users.id, users.role, CAST(AES_DECRYPT(users.name, '#application.master_key#') AS CHAR(50)) name_decrypt,

CAST(AES_DECRYPT(users.contact, '#application.master_key#') AS CHAR(30)) contact_decrypt,

CAST(AES_DECRYPT(users.town, '#application.master_key#') AS CHAR(30)) town_decrypt

FROM users

WHERE users.id=<cfqueryparam value="#url.user_id#" cfsqltype="cf_sql_varchar" maxlength="50">

</cfquery>

my concern is how to sanitise the input in the update query for name, contact and town - as i cant seem to use the cfqueryparam tag here.

any ideas as to the best way to deal with this?

    This topic has been closed for replies.
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices