Home/ Questions/Q 6205125
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T05:13:00+00:00

I’m trying to do a query on a username table where username and password

  • 0

I’m trying to do a query on a username table where username and password match. The table is a pre-existing (created during company software installation) table and I don’t have the ability to change encryption types or methods. A query with a string as the password works perfectly fine but when I try to query using an integer the query returns null.

"SELECT *
 FROM ITF_USER
 WHERE ITF_LOGIN = '$lcUserName'
 AND ITF_PASS = HashBytes('SHA1', '$lcPassword')";

if the password is something like 'helloworld' then the query works fine, but '1121321' does not return anything. Any suggestions?

UPDATE
If I compare the table stored password with php’s sha1($lcPassword) results I see a slight difference that is causing the null query results:

table -> 0x3FEEAC0B3A75CF1C12A8420CDE593FA275CCE584
sha1()->   8feeac0b3a75cf1c12a8420cde598fa275cce584

there are two 8’s in the sha1() results that should be 3’s

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I tried this:

    declare @vc varchar(255), @nvc nvarchar(255)
set @vc = '1111'
set @nvc = '1111'
select hashbytes('sha1', @vc)
select hashbytes('sha1', @nvc)

    It returned different values:

    varchar  = 0x011C945F30CE2CBAFC452F39840F025693339C42
nvarchar = 0x40C7BD210D05DBEA19402B952DD416E487450955

    It seems that the datatype of the second parameters makes a difference when calling HashBytes(). Perhaps a varchar is being passed when you use a string and an int is converted to a nvarchar (or visa-versa).

    It might work to force everything to one type: HashBytes('SHA1', cast('$lcPassword' as varchar(255))

    • 0