I've been trying so many different variations to get AES_Decrypt to work. I started of with field types VARBINARY then tried BLOB but still no luck, keeps returning NULL. Eventually I tried this:
SELECT AES_DECRYPT(AES_ENCRYPT('blah blah blah','1234'), '1234') as test
This technically should have returned blah blah blah, but instead it returns
626c616820626c616820626c6168
So not sure what is going on or what I am doing wrong.
I have inserted encrypted data as follows:
INSERT INTO private (short_name, mobile, name)
VALUES (
'AS1',
AES_ENCRYPT('0111222333','1234'),
AES_ENCRYPT('My Name','1234')
)
Then I try to decrypt it like this:
SELECT AES_DECRYPT('mobile', '1234') AS mobile FROM private
It just does not seem to work. Followed lots of the instructions online but still no luck.
Any ideas?
So it seems that I need to use CAST unless using the mysql command line client.
So doing this seems to work:
SELECT CAST(AES_DECRYPT(AES_ENCRYPT('blah blah blah','1234'), '1234') AS CHAR (150))
SELECT AES_DECRYPT(AES_ENCRYPT('blah blah blah','1234'), '1234') as test
is returning binary string as output. If you convert it to string then it will blah blah blah. You can use online hex to binary converter to verify it. You have to set it to text in your GUI tool.
Related
My school work has asked me to retrieve information from all customers with emails ending in ".com" I cannot find any information anywhere. Can you help me out? Below is what I have tried as well as many other variations.
SELECT first_name AND last_name FROM customerform WHERE email LIKE('.com')
That's not how LIKE works, nor how SELECT works. Instead:
SELECT first_name, last_name FROM customerform WHERE email LIKE '%.com'
Here % means "begins with" or "blah blah blah" in more casual parlance.
Remember things like SELECT are fully documented and there's no shame in checking how they work before running your statement. We all need to check that we're doing it correctly.
Having some issues performing a PDO LIKE Query containing ().
<?php
...
$text_with_parentheses = '%'.$text_with_parentheses.'%'
$sth = $dbh->prepare('SELECT * FROM '.$table.' WHERE alarm LIKE :alarm');
$sth->bindParam(':alarm' , $text_with_parentheses);
$sth->execute();
$response = $sth->fetch();
...
?>
The string value I'm querying is an alarm text, stored in a varchar utf8_uncode_ci column. It Looks like this:
'ABCD. Status ABCD (6): (fail)'
It seems I cannot figure out how to escape the parentheses. Tested both via PHP/PDO and directly in MYSQL console. For testing i tested the follwoing in directly in the MYSQL console
SELECT * FROM `table` WHERE `column`='ABCD. Status ABCD (6): (fail)'
It returns 0 results.
The only way to get any results - both in PDO and MYSQL console - is doing:
SELECT * FROM `table` WHERE `column` LIKE 'ABCD. status ABCD%'
But that returns several values which is not viable. When searching for values that does not contain parentheses it works fine.
Anyone have any ideas? This seems like a MYSQL issue.
Parenthesis have absolutely no meaning neither in mysql strings nor in PDO.
Your problem is caused by something else.
Select the existing value from database and encode it to see all non-printable characters:
echo rawurlencode($value);
and then compare.
The genuine ABCD. Status ABCD (6): (fail) string will make
ABCD.%20Status%20ABCD%20%286%29%3A%20%28fail%29
while one from database something different. Compare and check the difference.
i am working on getting numbers from soft phone and then inserting in mysql db.
all drivers and stuffs is ok. i configure them. i can select /poll all my datas. but i cant insert my new data. my func_odbc.conf likes that;
[ADDX];
dsn=asterisk
writesql = INSERT INTO aktarma (musterino,aktartel) values (${VAL1},${VAL2})
and my extensions.conf is ;
exten=>_X.,n(sqlekle),SET(a=${ODBC_ADDX(${digit},${aktartel})})
i checked my variables ${digit} and ${aktartel} is right it gives error as ;
[Jan 30 05:43:21] ERROR[4601]: pbx.c:3380 ast_func_read: Function ODBC_ADDX cannot be read
-- Executing [XXXXXXXXX#phones:30] Set("SIP/out-0000001a", "a=") in new stack
So what is wrong friends. i cannot find a way to solve this
Thanks a lot.
It's a year late but I'm going to answer this to help anyone coming from search land like I was.
In your func_odbc.conf you are trying to write VAL1 and VAL2 but in fact you want to use ARG1 and ARG2; in the dialplan that follows, VAL1 and VAL2 are not set (they would come after the =)
[ADDX]
dsn=asterisk
writesql = INSERT INTO aktarma (musterino,aktartel) VALUES (${ARG1},${ARG2})
One more note, it's always good practice to escape and quote your SQL input; you never know when some bastard is going to press "A" on his DTMF keypad just to keep you on your toes! In your query use '${SQL_ESC(${ARG1})}':
INSERT INTO aktarma (musterino, aktartel) VALUES ('${SQL_ESC(${ARG1})}', '${SQL_ESC(${ARG2})}')
Moving on to your dialplan: you were trying to read a value from the function which is only a write function. Even if you aren't reading a value, you still need an = in your Set command to avoid errors, but it should be at the end. Also the function doesn't need to be wrapped in ${} for writing.
exten=>_X.,n(sqlekle),Set(ODBC_ADDX(${digit},${aktartel})=)
Regarding ARG vs VAL, here is an example that uses both:
[ADDX]
dsn=asterisk
writesql = INSERT INTO aktarma SET ${ARG1}='${VAL1}', ${ARG2}='${VAL2}'
We use both VAL and ARG; then put this in the dialplan:
exten=>_X.,n(sqlekle),Set(ODBC_ADDX(musterino,aktartel)=${digit},${aktartel})
So ARGx is passed as an argument to the function, while VALx is on the right-hand side of the Set call.
There is little documentation available on how this works; hopefully this helps someone.
You have use write-only functions in left part of assigment.
[PRESENCE]
dsn=mydb
writesql=UPDATE `locationtable` SET `location`=${SQL_ESC(${VAL1})}` WHERE `username`='${SQL_ESC(${ARG1})}'
extensions.conf:
exten => 1234,1,NoOp(Set and read location)
exten => 1234,n,Set(ODBC_PRESENCE(${EXTEN})=office)
I have a table with three columns named: Question, Answer, Hashed. I want to update the Hashed column with the Answer column hashed using sha512.
I've tried to do the update directly from my MySql database using this syntax, but it didn't work:
UPDATE TableName
SET Hashed = SHA512(Answer)
WHERE Hashed IS NULL
I know the syntax is wrong but not sure why.
Thanks in advance for your help!
R
Give this a shot.
UPDATE TableName SET Hashed=SHA2(Answer, 512) WHERE Hashed IS NULL;
Note that this will only work with MySQL 5.5 onward. For versions before 5.5, you'll have to use application code to hash it (PHP to get all the rows, iterate through and hash $row['answer'] to SHA512, then run the UPDATE commands on each)
(Source: http://dev.mysql.com/doc/refman/5.5/en//encryption-functions.html#function_sha2)
I hope this is not too late. Even if, maybe someone else will find out this hint:
UPDATE TableName SET Hashed = ENCRYPT('Answer', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))) WHERE Hashed IS NULL;
What it does, it creates sha-512 hash, with it's schema: $6$ from string 'Answer'
If you are using debian, you may also use mkpasswd from package libstring-mkpasswd-perl to generate SHA-512 for you, and update as string.
I have a query in mySQL that's meant to return search terms that are used on our site. Yes, this is for a tag cloud, and yes, I know it's a mullet :)
We've got an admin page where administrators can view search terms and choose to exclude them from showing up in the cloud. These words go into the "badWords" table. We've gotten some terms like "foo%2525252525252520bar", and we're having trouble getting those excluded.
In pseudocode, the query to get the search terms for the cloud is:
SELECT * FROM `searchTerms` WHERE `word` NOT IN ( SELECT `word` FROM `badWords` )
This works fine, unless one of the terms returned from the subquery has a % in it. Is there a way to escape the entire subquery? I've tried doing a
replace( SELECT `word` FROM `badWords`, '%', '\%' )
... but that's apparently not syntactically correct.
I can do two queries if need be, but wondered if there's a way to get it done as is.
Thanks!
==============================
UPDATE: closing this for now, as I think the error lies elsewhere. Will report back once I know for sure, but don't want folks wasting time answering the question here if it's not the correct question...
Upvoted both of the replies received so far. Thanks, guys.
==============================
UPDATE 2: sigh Nevermind... can't close it :\
==============================
FINAL UPDATE: Well, looks like escaping the value isn't the problem. The admin page passes the value in the URL before it's added to the badWords table. In passing the value via the URL, it changes. So what's added to badWords is actually "foo%25252525252520bar" (there's one less "25" sequence). If I manually update the value in badWords and add back the missing "25" it works as expected. So no need to replace or escape anything. I just need to fix those URL values properly.
==============================
I don't think the % is your problem here. I think that you're trying to use REPLACE() on the subquery itself (SELECT ...), and not on a column value (word). Try this instead:
SELECT * FROM `searchTerms`
WHERE `word` NOT IN (
SELECT REPLACE(`word`, '%', '\%') AS word FROM `badWords`
);
Good luck!
I'm not very good with MySQL syntax, but SQL Server let's you do it this way:
SELECT * FROM `searchTerms` WHERE `word` NOT IN ( SELECT REPLACE(`word`, '%', '\%') FROM `badWords` )
NOTE: Basically all I did was move your REPLACE over some =) Hope this helps.