RE: What's the syntax for using ENCODE()?
You have an odd number of brackets in each case, you are missing a " ) " > -Original Message- > From: Kinney Baughman [SMTP:[EMAIL PROTECTED]] > Sent: Wednesday, February 28, 2001 11:18 PM > To: [EMAIL PROTECTED] > Subject: What's the syntax for using ENCODE()? > > Hi, > > I'm trying to encrypt credit_card numbers in MySQL 3.23.33. I want to > decrypt them when I retrieve them. > > I've tried: > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",encode('','Ilwfci'); > ERROR 1064: You have an error in your SQL syntax near '' at line 1 > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",encode(,Ilwfci); > ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1 > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",ENCODE('',Ilwfci); > ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1 > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",encode(,'Ilwfci'); > ERROR 1064: You have an error in your SQL syntax near '' at line 1 > > I have "ccaccount" set up as a blob. > > As you can see, all I get is error messages. What am I doing wrong? > > After I get them in, my next question is how to get them back out. > > According to the manual, one should use: DECODE(crypt_str,pass_str) where > "crypt_str" should be a string returned from ENCODE(). This seems to be a > catch-22, though. Wouldn't I have to know the value of "crypt_str", i.e. > the credit_card number in order to get that encrypted string out of > ENCODE()? > > Thanks. > -- > +---+ > | Kinney Baughman Appalachian State University | > | Appalachian Regional Development InstituteBoone, NC 28608 | > | Email: [EMAIL PROTECTED] Phone: (828) 262-6523 | > +---+ > > - > Before posting, please check: >http://www.mysql.com/manual.php (the manual) >http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail > <[EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: What's the syntax for using ENCODE()?
(second try, I had some magic words in this that set off the spam filter...) Just as a general security note, make sure that you are not logging these SQL commands somewhere... If you have entries like: INSERT INTO my_table (blah, blah, blah) VALUES (ENCODE('password','someval'...)... you can just read the update log to find them. If you have full logging enabled, you will see the SELECT statements that pull back the encrypted data. Both will give any casual reader the password for the encryption. This is generally considered to be a bad thing :-) Either turn off logging entirely (not really a good idea), do the encryption/decryption outside the database code (a much better idea), or turn off logging just for these statements with the SET LOG... stuff. The privileges are a little tricky to set up for the latter. I don't remember what they are off the top of my head. I much prefer doing the encryption somewhere else. That way, an accident with database configuration won't leave all your nice encryption passwords sitting around in a plaintext file. Cr#dit c#rds are a very valuable and easy to use form of money. They are widely prized by thieves for these reasons. They have strong economic incentives to hack your database or pay off your people or dig in your garbage for printouts of log files. Cr#dit c#rd numbers do not belong to you, so there are all kinds of interesting legal issues that come up if you are responsible for leaking them. Best, Kyle -- Kyle Hayes Quicknet Technologies t: +1 415 864 5225 520 Townsend St. Suite D f: +1 415 864 8388 San Francisco, CA 94103 w: http://www.quicknet.net USA *** "HEAR THE DIFFERENCE" with a live MICROTELCO demo at: Computer Telephony EXPO, Mar 6-8, Los Angeles, CA MicroTelco is a revolutionary service that brings multiple Internet Telephony Service Providers (ITSPs) together in a convenient, simple to use account center for greater reliability and flexibility. For more information visit: http://www.microtelco.com. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: What's the syntax for using ENCODE()?
on 2/28/01 4:18 PM, Kinney Baughman at [EMAIL PROTECTED] wrote: > Hi, > > I'm trying to encrypt credit_card numbers in MySQL 3.23.33. I want to > decrypt them when I retrieve them. > > I've tried: > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",encode('','Ilwfci'); > ERROR 1064: You have an error in your SQL syntax near '' at line 1 You just have unbalanced parenthesis. Add another closing paren before the semi-colon to close the values group and you should be ok. I suspect you want it quoted as above, but I've never used encode. > [...] > > According to the manual, one should use: DECODE(crypt_str,pass_str) where > "crypt_str" should be a string returned from ENCODE(). This seems to be a > catch-22, though. Wouldn't I have to know the value of "crypt_str", i.e. > the credit_card number in order to get that encrypted string out of > ENCODE()? Again, I've never used it, but...the string returned by encode() would be the value from your field. Just fetch it, and pass that to decode, along with the key used to encode it. You'll just need to know what key you used, not the value. Geoff - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: What's the syntax for using ENCODE()?
Your not closing off enough )'s should look like this: insert into payment (payname1,ccaccount) values ('Kinney',encode('','Ilwfci')); Then, for decode, you do it like this: SELECT DECODE(ccaccount,'Ilwfci') AS ccnumber FROM payment WHERE payname = 'Kinney'; - Original Message - From: "Kinney Baughman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 28, 2001 3:18 PM Subject: What's the syntax for using ENCODE()? > Hi, > > I'm trying to encrypt credit_card numbers in MySQL 3.23.33. I want to > decrypt them when I retrieve them. > > I've tried: > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",encode('','Ilwfci'); > ERROR 1064: You have an error in your SQL syntax near '' at line 1 > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",encode(,Ilwfci); > ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1 > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",ENCODE('',Ilwfci); > ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1 > > mysql> insert into payment (payname1,ccaccount) values > ("Kinney",encode(,'Ilwfci'); > ERROR 1064: You have an error in your SQL syntax near '' at line 1 > > I have "ccaccount" set up as a blob. > > As you can see, all I get is error messages. What am I doing wrong? > > After I get them in, my next question is how to get them back out. > > According to the manual, one should use: DECODE(crypt_str,pass_str) where > "crypt_str" should be a string returned from ENCODE(). This seems to be a > catch-22, though. Wouldn't I have to know the value of "crypt_str", i.e. > the credit_card number in order to get that encrypted string out of > ENCODE()? > > Thanks. > -- > +---+ > | Kinney Baughman Appalachian State University | > | Appalachian Regional Development InstituteBoone, NC 28608 | > | Email: [EMAIL PROTECTED] Phone: (828) 262-6523 | > +---+ > > - > Before posting, please check: >http://www.mysql.com/manual.php (the manual) >http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail <[EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php > > > - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
What's the syntax for using ENCODE()?
Hi, I'm trying to encrypt credit_card numbers in MySQL 3.23.33. I want to decrypt them when I retrieve them. I've tried: mysql> insert into payment (payname1,ccaccount) values ("Kinney",encode('','Ilwfci'); ERROR 1064: You have an error in your SQL syntax near '' at line 1 mysql> insert into payment (payname1,ccaccount) values ("Kinney",encode(,Ilwfci); ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1 mysql> insert into payment (payname1,ccaccount) values ("Kinney",ENCODE('',Ilwfci); ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1 mysql> insert into payment (payname1,ccaccount) values ("Kinney",encode(,'Ilwfci'); ERROR 1064: You have an error in your SQL syntax near '' at line 1 I have "ccaccount" set up as a blob. As you can see, all I get is error messages. What am I doing wrong? After I get them in, my next question is how to get them back out. According to the manual, one should use: DECODE(crypt_str,pass_str) where "crypt_str" should be a string returned from ENCODE(). This seems to be a catch-22, though. Wouldn't I have to know the value of "crypt_str", i.e. the credit_card number in order to get that encrypted string out of ENCODE()? Thanks. -- +---+ | Kinney Baughman Appalachian State University | | Appalachian Regional Development InstituteBoone, NC 28608 | | Email: [EMAIL PROTECTED] Phone: (828) 262-6523 | +---+ - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php