I created a procedure in SQL Server to enter a new user.
When I'm going to create the hash password that appears in the Chinese language, I couldn't understand why.
Can someone help me with the solution and also explain to me why this happened?
Script:
ALTER PROCEDURE [Administrative].[spInsertUser]
(#Name Nvarchar(50),
#Surname Nvarchar(Max),
#Email Nvarchar(1000),
#PasswordHash Nvarchar(Max),
#EmailConfirmed Bit,
#Lockout Bit,
#TimeZone Nvarchar(6))
AS
BEGIN
DECLARE #Id Bigint;
DECLARE #NewPasswordHash Varbinary(Max);
SET #NewPasswordHash = HASHBYTES('SHA2_512', #PasswordHash);
INSERT INTO Administrative.Users ([Name], Surname, Email, PasswordHash,
EmailConfirmed, Lockout, TimeZone, Active)
VALUES (#Name, #Surname, #Email, #NewPasswordHash,
1, 0, #TimeZone, 1)
SET #Id = ##Identity
SELECT #Id AS Id
END
Result:
Created with varbinary:
Error
Msg 257, Level 16, State 3, Administrative.spInsertUser Procedure, Line 0 [Batch 8 Start Line]
Implicit cast from varchar data type to varbinary is not allowed. Use the CONVERT function to run this query.
Related
I'm a student and after 2H searching answer I'm hopping that someone can help me here.
I created a stored procedure that expects a name, address and geography location then adds a new branch to the Branches table. I'm trying to pass a geography value using a new query, but I keep getting a syntax error.
Stored procedure :
create procedure AddBranch
#Name nvarchar(50),
#Address nvarchar(100),
#GeographicLocation geography
as
begin
SET NOCOUNT ON
insert into Branches (Name, Address, GeographicLocation)
values (#Name, #Address, #GeographicLocation)
select BranchID
from Branches
where BranchID = SCOPE_IDENTITY()
end
Query:
exec AddBranch
#Name = 'Some Name',
#Address = 'Some Address',
#GeographicLocation = geography::Point(47.65100, -122.34900, 4326)
Error:
Incorrect syntax near'::'
Is there a way to pass geography data to a stored procedure?
In addition to enclosing the arguments in quotes, you need to assign the method result to a local variable in order to pass the value as a parameter in T-SQL:
DECLARE #geographyPoint geography = geography::Point('47.65100', '-122.34900', '4326');
exec AddBranch
#Name = 'Some Name',
#Address = 'Some Address',
#GeographicLocation = #geographyPoint;
as a sidenote:
create procedure dbo.AddBranch --always specify schema
#Name nvarchar(50),
#Address nvarchar(100),
#GeographicLocation geography
as
begin
SET NOCOUNT ON
SET XACT_ABORT ON --should be in every data modification SP
insert into dbo.Branches (Name, Address, GeographicLocation) --schema!
output inserted.BranchID --this
values (#Name, #Address, #GeographicLocation)
select SCOPE_IDENTITY() BranchID --or this
--absolutely no need in another read operation from persistent table
end
Put the values into quotes like this
exec AddBranch
#Name = 'Some Name',#Address = 'Some Address',
#GeographicLocation = geography::Point('47.65100', '-122.34900', '4326')
go
Although this might not work depending on how this custom Geography type expects its values, it will solve the syntax error.
I have a query, that will insert a data into my table, and it should return one value
My Stored Procedure
ALTER PROC FspCreateRequest
#RequestDescription nvarchar(200),
#CreatedBy varchar(30),
#CreatedDate datetime,
#Region nchar(10),
#RequestID varchar(20) output
AS
BEGIN
DECLARE #maxRequestID AS varchar(20)
SELECT #maxRequestID=max(RequestID)
FROM [F_CheckRequest]
WHERE Region = #Region
IF (#maxRequestID IS Null or #maxRequestID = '')
BEGIN
IF(#Region = 'Jeddah')
BEGIN
INSERT INTO [F_CheckRequest
(RequestID,RequestDescription,CreateBy,CreatedDate,Region)
VALUES
('10001',#RequestDescription,#CreatedBy,#CreatedDate,#Region)
SELECT #RequestID = '10001'
END
ELSE
BEGIN
INSERT INTO [F_CheckRequest]
(RequestID,RequestDescription,CreateBy,CreatedDate,Region)
VALUES
('50001',#RequestDescription,#CreatedBy,#CreatedDate,#Region)
SELECT #RequestID = '50001'
END
END
ELSE
BEGIN
SET #maxRequestID=#maxRequestID+1;
INSERT INTO [F_CheckRequest]
(RequestID,RequestDescription,CreateBy,CreatedDate,Region)
VALUES
(#maxRequestID,#RequestDescription,#CreatedBy,#CreatedDate,#Region)
SELECT #RequestID = #maxRequestID
END
END
When I run this query by following code
EXECUTE FspCreateRequest #RequestDescription='descriotion',#CreatedBy='sa',#CreatedDate='2017-01-10',#Region='Mecca',#ReqID out
PRINT 'RequestID'+ #ReqID
It throws error
Msg 137, Level 15, State 2, Line 2 Must declare the scalar variable "#ReqID".
Msg 137, Level 15, State 2, Line 3 Must declare the scalar variable "#ReqID".
Updated
Yes I did mistake. I missed to declare the output parameter. But after I execute like below
DECLARE #ReqID varchar(30)
EXECUTE FspCreateRequest #RequestDescription='descriotion',#CreatedBy='sa',#CreatedDate='2017-01-10',#Region='Jeddah',#ReqID out
PRINT 'RequestID'+ #ReqID
Still throws error like below
Msg 119, Level 15, State 1, Line 3
Must pass parameter number 5 and subsequent parameters as '#name = value'. After the form '#name = value' has been used, all subsequent parameters must be passed in the form '#name = value'.
This is the correct answer
DECLARE #ReqID varchar(30);
EXEC FspCreateRequest #RequestDescription='descriotion',#CreatedBy='sa',#CreatedDate='2017-01-10',#Region='Mecca',#RequestID = #ReqID out;
PRINT 'RequestID'+ #ReqID ;
Thank you #DanGuzman
i would like to hash a varchar and store it in db but i 've got a problem
when checking its value ,i thought i just had to hash it again and compare to db value
ALTER PROCEDURE [dbo].[AddLecteur]
#userName NVARCHAR(50),
#PasswordHash NVARCHAR(50),
#biblioPrincip int
AS
BEGIN
SET NOCOUNT ON
declare #ErrorMessage NVARCHAR(250)
declare #salt varbinary(4)=crypt_gen_random(4)
BEGIN TRY
INSERT INTO lecteur(nom, motPassword, biblioPrincipal)
VALUES(#userName,HASHBYTES('SHA2_256',cast( #PasswordHash as varbinary(max))+#salt), #biblioPrincip)
SET #ErrorMessage='Success'
END TRY
BEGIN CATCH
SET #ErrorMessage=ERROR_MESSAGE()
END CATCH
END
the value inserted is ‰¥_#碿K¤IFÕšxHà6œûäÜô4îõ„R¨Ó
am i not supposed to get the same value when checking the user if i use a salt inserted at the creation of the user and hash the user input the same way?
the second trigger hashing a proposal to compare to the one above generated when creating the user
ALTER PROCEDURE [dbo].[CheckngUser]
#userName varchar(50),
#password nvarchar(50),
#libelle varchar(50)
AS
BEGIN
declare #salt varbinary(4)
set #salt=(select lecteur.salt from lecteur where lecteur.nom=#userName)
select HASHBYTES('SHA2_256',cast( #password as varbinary(max))+#salt),
le.id,le.nom,le.[motPassword],bi.libellé from lecteur as le
inner join biblio as bi on le.biblioPrincipal=bi.id
where le.nom=#userName and le.motPassword=HASHBYTES('SHA2_256',cast(
#password as varbinary(max))+#salt)
END
why do i have this value here 0x7774FB52EB1FB5D3DD731A8B64B4BA1A73F4893F8A3C9084248D774D83C3E326
I am experimenting with a store procedure and I get the following error:
String or binary data would be truncated
I am trying to add user info to a table and I want to hash the password. I found this guide and am trying to make it work
The code:
DECLARE #FirstName nvarchar(20) = 'Name'
DECLARE #LastName nvarchar(20) = 'LastName'
DECLARE #Email nvarchar(50) = 'Name.LastName#hot'
DECLARE #UserPassword nvarchar(12) = 'thepass'
DECLARE #Hash VARBINARY(MAX)
DECLARE #Salt VARBINARY(4) = CRYPT_GEN_RANDOM(4)
DECLARE #UserName nvarchar(4)
SET #UserName = SUBSTRING(#FirstName, 1, 2) + SUBSTRING(#LastName, 1, 2)
SET #Hash = 0x200 + #Salt + HASHBYTES('SHA2_512', CAST(#UserPassword AS varbinary(MAX)) + #Salt)
INSERT INTO USERS(Email,UserName,UserPassword,firstName,lastName) VALUES(#Email, #UserName, #Hash, #FirstName, #LastName)
Table looks like:
After searching the web i got info that the size of the hash might be to big for the column but i checked and this is the result of the data:
0x0200511C118E7D3BF6F346BCE8F422B6832FDDC0A93A6C4533D79CC8776365E5D591750ADBC0587763494E7152DC68388B583F71182CA4AB6810ECD645381A7933B0785ACA8B
This is 142 characters and is below the 500 maximum.
What am I doing wrong?
I'm trying to insert other table's IDs (Company and Bank) into the uBankID and uCompanyID of the EndUser table and the BankID of the Company table on INSERT.
Whatever way I do this, the required fields aren't being populated, what am I doing wrong? I had a look at an inline select statement at the ID to try and grab it but couldn't fathom it and it wouldn't compile.
The variables are all present and correct in the backend and are being parsed through, all but these IDs, as nothing is going wrong with the C# I'm thinking there's something amiss with my SQL, especially as I'm fairly new to stored procedures.
Any help would be greatly appreciated.
Code (slimmed down):
CREATE PROCEDURE [ProcedureInsert]
#Title nvarchar(10),
#FirstName nvarchar(50),
#LastName nvarchar(50),
#Organisation nvarchar(50),
#Address nvarchar(50),
#uBankID int,
#uCompanyID int,
#BankID int,
#SortCode int,
#AccountNumber nvarchar(50),
#AccNameHolder nvarchar(50),
#cId int output,
#bId int output,
#euId int output
AS
BEGIN
SET NOCOUNT ON;
INSERT INTO [Bank](SortCode, AccountNumber, AccNameHolder)
VALUES(#SortCode, #AccountNumber, #AccNameHolder)
SET #bId = SCOPE_IDENTITY();
INSERT INTO [Company](Organisation, Address, BankID)
VALUES(#Organisation, #Address, #bId)
SET #cId = SCOPE_IDENTITY();
INSERT INTO [EndUser](Title, FirstName, LastName, uBankID, uCompanyID)
VALUES(#Title, #FirstName, #LastName, #uBankID, #cId)
SET #euId = SCOPE_IDENTITY();
END
You need to declare the variables. And Tab Alleman is right, get rid of the unused parameters.
DECLARE #cId int;
DECLARE #bId int;
DECLARE #euId int;
INSERT INTO [BAD](SortCode,AccountNumber,AccNameHolder)
VALUES('1234','a234','Test Name')
SET #bId=SCOPE_IDENTITY();
INSERT INTO [Company](Organisation,Address1, Address2,City,County,PostCode,Telephone,BankID)
VALUES('AnOrganisation','addressesss','Address2','City','County','PostCode','0123one', #bId)
SET #cId=SCOPE_IDENTITY();
INSERT INTO [EndUser](Title,FirstName,LastName,Email,uBankID,uCompanyID)
VALUES('Sitle','Fiame','astName','vv#Email',#bId,#cId)
SET #euId=SCOPE_IDENTITY();
EDIT
Remove those parameters if they're not being used, but they weren't in the sample code, else leave them, obviously.
Also, I used single quotes to dump in the data into the table rather than variables, if it's not working then there's something wrong with the bank end code.