I need to insert an encrypted credit card number into my table; I have to use the symmetric key logic of SQL Server. When I'm trying to run the below code it gives the error "incorrect syntax near Processors_Key_0". I don't understand where I'm going wrong.
string query = "OPEN SYMMETRIC KEY Processors_Key_01 DECRYPTION BY CERTIFICATE Processors INSERT INTO [Payees] VALUES ("
+ objpayee.BookingID + ", '" + address.ID + ", " + objpayee.PaymentTypeID +
", " + objpayee.LName +", " + objpayee.FName + ", EncryptByKey(Key_GUID('Processors_Key_01'), '" + objpayee.CardNumber +
"'), "+ objpayee.ExpMonth + "', " + objpayee.ExpYear +", '" + objpayee.CardNumber.Substring(objpayee.CardNumber.Length - 4) +
"', " + objpayee.Email + "', " + objpayee.Phone + "',null,null,null,null,'1-1-2015',null,null,'1-1-2015') CLOSE SYMMETRIC KEY Processors_Key_01; SELECT SCOPE_IDENTITY();";
var id = (int)_db.ExecuteStoreQuery<decimal>(query).SingleOrDefault();
This might be an error:
", '" + address.ID + ", " (note the opening single quote but no closing quote). Use a parameterized query and your code will be significantly cleaner (not to mention safer). With such a large statement it's easy to create syntax errors.
Also note that unless your environment is fully PCI compliant from beginning to end, you absolutely should not be storing credit card information, regardless of encryption.
More PCI compliance/audit info from Visa.
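The parameterized version the answer recommends, written as an added example for this page (not the asker's or the answerer's code). It assumes a plain ADO.NET SqlConnection instead of the question's Entity Framework _db, the Payee shape shown below, and the same positional column order as the question's VALUES list:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
// Assumed shape of the question's objpayee (not shown on the page).
public class Payee
{
    public int BookingID, PaymentTypeID, ExpMonth, ExpYear;
    public string LName, FName, CardNumber, Email, Phone;
}
public static class PayeeRepository
{
    // Same statement as the question, but every value is a parameter, so no
    // quoting mistakes and no SQL injection. VALUES stays positional to match the
    // question; name the real [Payees] columns explicitly once the schema is known.
    private const string InsertSql = @"
OPEN SYMMETRIC KEY Processors_Key_01 DECRYPTION BY CERTIFICATE Processors;
INSERT INTO [Payees] VALUES (
    @BookingID, @AddressID, @PaymentTypeID, @LName, @FName,
    EncryptByKey(Key_GUID('Processors_Key_01'), @CardNumber),
    @ExpMonth, @ExpYear, @LastFour, @Email, @Phone,
    NULL, NULL, NULL, NULL, @Stamp, NULL, NULL, @Stamp);
CLOSE SYMMETRIC KEY Processors_Key_01;
SELECT CAST(SCOPE_IDENTITY() AS int);";
    public static int InsertPayee(string connectionString, Payee p, int addressId)
    {
        // Derive the last four digits in C#; nothing is spliced into the SQL text.
        string lastFour = p.CardNumber.Length >= 4
            ? p.CardNumber.Substring(p.CardNumber.Length - 4) : p.CardNumber;
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(InsertSql, conn))
        {
            cmd.Parameters.Add("@BookingID", SqlDbType.Int).Value = p.BookingID;
            cmd.Parameters.Add("@AddressID", SqlDbType.Int).Value = addressId;
            cmd.Parameters.Add("@PaymentTypeID", SqlDbType.Int).Value = p.PaymentTypeID;
            cmd.Parameters.Add("@LName", SqlDbType.NVarChar, 100).Value = p.LName;
            cmd.Parameters.Add("@FName", SqlDbType.NVarChar, 100).Value = p.FName;
            // EncryptByKey accepts nvarchar cleartext; the target column must be varbinary.
            cmd.Parameters.Add("@CardNumber", SqlDbType.NVarChar, 32).Value = p.CardNumber;
            cmd.Parameters.Add("@ExpMonth", SqlDbType.Int).Value = p.ExpMonth;
            cmd.Parameters.Add("@ExpYear", SqlDbType.Int).Value = p.ExpYear;
            cmd.Parameters.Add("@LastFour", SqlDbType.Char, 4).Value = lastFour;
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = p.Email;
            cmd.Parameters.Add("@Phone", SqlDbType.NVarChar, 32).Value = p.Phone;
            // The question hard-coded '1-1-2015' twice; pass it once as a typed parameter.
            cmd.Parameters.Add("@Stamp", SqlDbType.DateTime).Value = new DateTime(2015, 1, 1);
            conn.Open();
            return (int)cmd.ExecuteScalar();   // SCOPE_IDENTITY() of the inserted row
        }
    }
}
```

Reading the value back later needs the same OPEN SYMMETRIC KEY block around DecryptByKey, and the caller's database principal must have permission on both the key and the certificate.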