How to store hash value from C# in SQL Server using SQL query


I have problems getting the data type correct. I have a column in a database table, binary(64), to hold the salted hash value of a password.

I don't understand how to present the data to SQL Server. I have read that I am supposed to pass strSaltedPassword.GetHashCode() as nvarchar(max), but I have not been able to make that work...

So next I tried having the parameter first as binary, and then I tried varchar.

This is the C# code and the SQL insert query:

    // SqlDbType.VarChar = "Implicit conversion from data type varchar to binary is not allowed. Use the CONVERT function to run this query."
    SqlParameter myField = sqlCmd.Parameters.Add("@myfield", SqlDbType.VarChar);
    myField.Value = strSaltedPassword.GetHashCode();

    string sqlQuery = "insert users ([username],[firstname],[lastname],[emailaddress],[emailverified],[verifiedtimestamp],[isactive],[passwordhash],[securitystamp],[accountcreatetimestamp]) values ('" + UserName.Text + "'" + ", '" + FirstName.Text + "'" + ", '" + LastName.Text + "'" + ", '" + Email.Text + "'" + ", 'false', getdate(), 'true', @myfield, '" + strGetNewUserSalt + "', + getdate())";

    sqlCmd.CommandText = sqlQuery;
    sqlConn.Open();

    sqlCmd.ExecuteNonQuery();

I get this error:

"Implicit conversion from data type varchar to binary is not allowed. Use the CONVERT function to run this query."

Do I need to declare @myfield as nvarchar(max) on the SQL side?

I am a bit out of my element on this one, and could use some help.

I'm pretty sure you can get away with setting the SqlDbType to VarBinary, like this:

    SqlParameter myField = sqlCmd.Parameters.Add("@myfield", SqlDbType.VarBinary);

Although, as has been pointed out, you should parameterize your query.

Pros:

  1. Protects against SQL injection attacks.
  2. It is compiled and cached, so it's faster on each subsequent run.

Cons:

  1. None

Here's how to do this:

    var conn = new SqlConnection("your connection string");

    var username = UserName.Text.Trim();
    var firstname = FirstName.Text.Trim();
    var lastname = LastName.Text.Trim();
    // etc etc etc
    // finish these
    // Note: GetHashCode() returns an int, but a VarBinary parameter needs a byte[] value.
    var hashValue = strSaltedPassword.GetHashCode();

    var sqlCmd = new SqlCommand("insert users ([username],[firstname],[lastname],[emailaddress],[emailverified],[verifiedtimestamp],[isactive],[passwordhash],[securitystamp],[accountcreatetimestamp]) values(@username, @firstname, @lastname, @emailaddress, @emailverified, @verifiedtimestamp, @isactive, @passwordhash, @securitystamp, @accountcreatetimestamp)", conn);

    // implicit conversion - lazy
    sqlCmd.Parameters.AddWithValue("@username", username);
    sqlCmd.Parameters.AddWithValue("@firstname", firstname);
    sqlCmd.Parameters.AddWithValue("@lastname", lastname);

    // explicit conversion
    sqlCmd.Parameters.Add("@passwordhash", SqlDbType.VarBinary, 64).Value = hashValue;
    // etc etc etc
    // finish these
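An added example, not part of either post above: string.GetHashCode() returns a 32-bit int meant for hash tables, so it can neither fill a binary(64) column nor serve as a password hash. This code swaps in PBKDF2-HMAC-SHA512 to derive exactly 64 bytes and binds them as a typed binary parameter. The class and method names, iteration count, salt length, Base64 salt storage in [securitystamp] and the three-column insert (the remaining columns are omitted) are assumptions, and it targets .NET 6+ with a SqlClient package.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;   // Microsoft.Data.SqlClient exposes the same types
using System.Security.Cryptography;

static class PasswordStore     // hypothetical helper, not from the posts
{
    const int HashBytes = 64;         // matches the binary(64) [passwordhash] column
    const int SaltBytes = 16;         // assumed salt length
    const int Iterations = 210_000;   // assumed PBKDF2 work factor

    // Derive a fixed-length 64-byte hash; the result is a byte[], which is
    // what a Binary/VarBinary parameter expects as its value.
    public static byte[] HashPassword(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                  HashAlgorithmName.SHA512, HashBytes);

    // Constant-time comparison for the login check.
    public static bool Verify(string password, byte[] salt, byte[] stored) =>
        CryptographicOperations.FixedTimeEquals(HashPassword(password, salt), stored);

    // Every value is a typed parameter; nothing is concatenated into the SQL text.
    public static SqlCommand BuildInsert(SqlConnection conn, string userName,
                                         byte[] hash, byte[] salt)
    {
        var cmd = new SqlCommand(
            "insert into users ([username],[passwordhash],[securitystamp]) " +
            "values (@username, @passwordhash, @securitystamp)", conn);
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = userName;
        cmd.Parameters.Add("@passwordhash", SqlDbType.Binary, HashBytes).Value = hash;
        cmd.Parameters.Add("@securitystamp", SqlDbType.NVarChar, 64).Value =
            Convert.ToBase64String(salt);
        return cmd;
    }

    static void Main()
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = HashPassword("constructed-sample-password", salt);
        Console.WriteLine($"hash length: {hash.Length}");
        Console.WriteLine($"verify: {Verify("constructed-sample-password", salt, hash)}");

        // No connection is opened here; with a real connection string,
        // call conn.Open() and cmd.ExecuteNonQuery().
        using var conn = new SqlConnection();
        using var cmd = BuildInsert(conn, "alice", hash, salt);
        Console.WriteLine(cmd.Parameters["@passwordhash"].SqlDbType);
    }
}
```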
