programer
Posting Yak Master
221 Posts |
Posted - 2010-08-04 : 18:24:36
|
| Hi,

My SQL:

    string strCardNumberAttributeName = "Credit card number";
    string strCardTypeAttributeName = "Credit card type";
    string strExpiryDateAttributeName = "Expiry Date";
    "SELECT tbl_Payments.PaymentType, tbl_PaymentDetails.Value FROM tbl_Payments INNER JOIN tbl_PaymentDetails ON tbl_Payments.PaymentId= tbl_PaymentDetails.CardId WHERE ATTRIBUTENAME IN ('" + strCardNumberAttributeName + "','" + strCardTypeAttributeName + "','" + strExpiryDateAttributeName + "')";

The AttributeName is the "credit card number." How can I only set this attribute a value?

Credit card number is necessary to decode, so I just want to find where the "Credit card number ', decode a credit card number.

I have a code for encryption and decryption. I call it: decrypt / encrypt

If it finds a "Credit card number" using WHERE = "Credit card number ', I have this set: encrypt (tbl_PaymentDetails.Value) if it finds WHERE data =' Credit on me ', but: tbl_PaymentDetails.Value.

Please help!

Thanks.

edit: moved to proper forum |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
programer
Posting Yak Master
221 Posts |
Posted - 2010-08-04 : 18:57:06
|
quote: Originally posted by tkizer
Are you really going to use concatenated queries for credit cards? Your code is vulnerable to SQL injection. You need to use parameterized queries instead. I don't understand your question to be able to answer it.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/
Subscribe to my blog

That's what I need:

    if (Convert.ToString(row["ATTRIBUTENAME"]) == strCardNumberAttributeName)
        strCardNumber = Decrypt(Convert.ToString(row["VALUE"])); |
 |
|
|
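The parameterized form recommended in the quoted reply, combined with the decrypt-only-the-card-number step the poster describes, as an added example that is not part of the thread. It uses Python's sqlite3 with a constructed in-memory table so it runs offline; the table contents, the `ENC:` marker and `decrypt` are assumptions standing in for the poster's schema and Decrypt routine.

```python
import sqlite3

def make_db():
    # Constructed sample data; column names follow the posted query.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tbl_Payments (PaymentId INTEGER PRIMARY KEY, PaymentType TEXT);
        CREATE TABLE tbl_PaymentDetails (CardId INTEGER, AttributeName TEXT, Value TEXT);
        INSERT INTO tbl_Payments VALUES (1, 'Card');
        INSERT INTO tbl_PaymentDetails VALUES
            (1, 'Credit card number', 'ENC:1111000011110000'),
            (1, 'Credit card type', 'TestCard'),
            (1, 'Expiry Date', '2030-01'),
            (1, 'Cardholder''s note', 'constructed row');
    """)
    return db

def decrypt(value):
    # Hypothetical placeholder for the poster's Decrypt(); it only strips a marker.
    return value[4:] if value.startswith("ENC:") else value

BASE = ("SELECT d.AttributeName, d.Value FROM tbl_Payments p "
        "INNER JOIN tbl_PaymentDetails d ON p.PaymentId = d.CardId "
        "WHERE d.AttributeName IN ")

def fetch_concatenated(db, names):
    # The thread's pattern: values are spliced into the SQL text itself.
    sql = BASE + "('" + "','".join(names) + "')"
    return db.execute(sql).fetchall()

def fetch_parameterized(db, names):
    # One placeholder per value; values travel separately from the SQL text.
    sql = BASE + "(" + ",".join("?" * len(names)) + ")"
    return db.execute(sql, list(names)).fetchall()

def read_details(db, names, card_number_attr="Credit card number"):
    # Decrypt only the row whose attribute is the card number.
    return {name: decrypt(value) if name == card_number_attr else value
            for name, value in fetch_parameterized(db, names)}

if __name__ == "__main__":
    db = make_db()
    print(read_details(db, ["Credit card number", "Credit card type", "Expiry Date"]))
    try:
        # A single apostrophe in the value changes the statement's structure.
        fetch_concatenated(db, ["Cardholder's note"])
    except sqlite3.OperationalError as exc:
        print("concatenated query broke:", exc)
    print(fetch_parameterized(db, ["Cardholder's note"]))
```

In the poster's C#, the same shape is a SqlCommand whose text holds named parameters, with the values supplied through its Parameters collection.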
vaibhavktiwari83
Aged Yak Warrior
843 Posts |
Posted - 2010-08-05 : 03:10:10
|
| More explanation required with sample data...

Vaibhav T
To walk FAST walk ALONE
To walk FAR walk TOGETHER |
 |
|
|
jcelko
Esteemed SQL Purist
547 Posts |
Posted - 2010-08-05 : 11:52:08
|
| Please post DDL, so that people do not have to guess what the keys, constraints, Declarative Referential Integrity, data types, etc. in your schema are. Please learn to follow ISO-11179 data element naming conventions and formatting rules. That means no spaces in the data element names and no silly data type and "tbl-" prefixes. Temporal data should use ISO-8601 formats. Code should be in Standard SQL as much as possible and not local dialect. Sample data is also a good idea, along with clear specifications. It is very hard to debug code when you do not let us see it. If you want to learn how to ask a question on a Newsgroup, look at: http://www.catb.org/~esr/faqs/smart-questions.html

--CELKO--
Joe Celko, SQL Guru |
 |
|
|