memory allocation error while insert

Question

0.00/5 (No votes)

See more:

Dear all

now i was having a problem with UTF8 and my program and the sol was to use ODBC 5.1 instead of 3.5 but now i found new problem

when i insert using the following sql command

SQL

INSERT INTO users
(UserName, PassWord)
VALUES (?, SHA1(?))

i get ODBC 5.1 error memory allocation error !! although it was working so fine in ODBC 3.5 and when i just remove SHA1 , it worked again ??

so what should i do?
i tried many other fun. like MD5 , encrypt ...... all not working

Posted 10-May-11 6:46am

AhmedOsamaMoh

Updated 10-May-11 6:52am

Karthik. A

v3

Add a Solution

Comments

Karthik. A 10-May-11 12:52pm

Formatted the question.

3 solutions

Solution 1

First, you should be hashing the password in your code, not in the SQL. Why? Because you're transmitting the password "in the clear" between your code and the SQL server. A man-in-the-middle attack can watch the SQL request fly by and yank out the account id and password.

You already found out about the second reason why you don't do this: Compatibility. The method you chose to access the database is not tolerate of upgrades. Also, the backing database may not support the hashing function you want (you are using ODBC for generic access to various database engines, correct?)

Posted 10-May-11 7:12am

Dave Kreskowiak

Updated 10-May-11 7:13am

v2

Comments

Marc A. Brown 10-May-11 13:29pm

Great answer.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Kim Togo · Accepted Answer · 2011-05-10T20:47:00

Solution 2

Skip ODBC driver for MySql and download MySql Connector/Net[^] native C# driver.

And use MySqlParameter for the job. Do as Dave suggests. Do hashing before INSERT statement.

Posted 10-May-11 20:47pm

Kim Togo

AhmedOsamaMoh · Accepted Answer · 2011-05-22T00:50:00

Solution 3

odbc ver. 3 support sha but ver. 5 makes such problem

Posted 22-May-11 0:50am

AhmedOsamaMoh