Is there any tool available that can encrypt Credit card numbers or other fields stored in the database? For example, when a customer enters his credit card number or his password on the site, is there a way by which the Front end can encrpt the field before storing it in the database and decrypt it when it the customer requests it, through the application?
table Orders ord_id int ord_CudtomerID int, ord_CardNo char(16)
Example values in table CreditCardRange 1 , 5000 0000 2000 1234 , 5000 0030 3000 1356
Example values in table Orders 1, 1, 5000 0010 2000 2333
Does sql provide any magic finction to help in following select
select T1.* from Orders T1 join CreditCardRange T2 on T2.ccr_CudtomerID = t1.ord_CudtomerID and SQLMagicFunction(T1.ord_CardNo) between SQLMagicFunction(T2.ccr_CardRangeFrom ) and SQLMagicFunction(T2.ccr_CardRangeTo )
I am new to SQL developement ( am .Net developer). I need to implement a stored proc in sql 2005 on CC expiration task.
I have CC exiration date. By using expiration date (like '01/08'),
Conditions are:
1. If CC expiring within 31 days. Stored proc will write the Customer data in EmailNotification table with message type =1. (Customer will not get second notification until 14 days before expiring)
2. If CC expiring within 14 days. Stored proc will write the customer data in EmailNotification table with message type =2. (Customer will not get second notification until 11 days before expiring)
3. If CC expiring within 11 days. Stored proc will write the customer data in EmailNotification table with message type =3. (Customer will not get second notification until 2 days before expiring)
4. If CC expiring within 2 days. Stored proc will write the customer data in EmailNotification table with message type and update orderStatusID to On Hold CC Expired in order table.
My Tables are
1.
TABLE [dbo].[Order]( [OrderID] [int] IDENTITY(1,1) NOT NULL, [CustomerID] [int] NOT NULL, [CustomerCode] [nvarchar](12) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [DateCreated] [datetime] NOT NULL, [DateOrdered] [datetime] NOT NULL, [OrderTypeID] [int] NULL, [OrderStatusID] [int] NULL, [LastProcessDate] [datetime] NULL,
2. CREATE TABLE [dbo].[Payment]( [PaymentID] [int] IDENTITY(1,1) NOT NULL, [OrderID] [int] NOT NULL, [OrderPaymentType] [nvarchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [PaymentType] [nvarchar](2) COLLATE SQL_Latin1_General_CP1_CI_AS NULL, [CreditCardNumber] [varbinary](max) NULL, [Last4DigitsOfCreditCardNumber] [nvarchar](4) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [ExpirationDate] [varbinary](max) NULL, [CVV2] [varbinary](max) NULL, [Amount] [numeric](18, 2) NOT NULL
3. CREATE TABLE [dbo].[Customer]( [CustomerID] [int] IDENTITY(1,1) NOT NULL, [CustomerCode] AS ([dbo].[udf_FormatCode]('RS',[CustomerID])), [Email] [nvarchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [FirstName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [MiddleName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [LastName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [DateCreated] [datetime] NOT NULL, [DateModified] [datetime] NOT NULL, [MembershipTypeID] [int] NULL
Please atleast basic structure of stored proc code. It will greatful to me.
Hi friends, i got an issue on my website regarding theft of cc details...sql db contains credit card details table ... it has been hacked by someone...we have analysed that latest cards are misused.. i have tried different scenarios(sql injection) ... what are all the key things have to check and implement .can any one advise please..
I have typed a query by combining multiple tables to show sum of TotalReceivedAmount by MRN. It also have payment mode which is paid by cash or credit card. Now the query shows the sum for MRN combining all the payment done by credit card and cash. How am I supposed to show the amount paid by credit card and cash separately?
Here is the query :
SELECT Distinct   dbo.CA_Payment.MRN, dbo.CA_Patient.FirstName, dbo.CA_PaymentModeMaster.Description AS PaymentMode, CASE (dbo.CA_Payment.PaymentModeID) WHEN 2 THEN dbo.CA_Payment.CardNumber END AS CreditCardNumber, CASE (CA_Registration.PatientTypeID) WHEN 1 THEN dbo.CA_PatientTypeMaster.Description WHEN 2 THEN dbo.CA_DebtorMaster.DebtorName END AS Debtor,Â
Hi,A co-worker is creating a vb.net web application which uses theCryptKeeper.dll to encrypt credit card numbers into a sql database.It is my job to pull these encrypted numbers and use the decryptmethod of this dll to show the credit card numbers on a ReportingServices report. I'm not even sure where this should be done. In thesql stored procedure or in the report itself? Any help would begreatly appreciated.Thanks in advance,Amy Bolden
As part of UK compliance, we are going to start use an encrytption package (GNUPG), which will be running on a different Server to Reporting Services. A program has been written in C#, to handle requests (from mainframe and PC applications) to encrypt/decrypt credit card details. The encrypted card details are held in an NCR Teradata data warehouse, which Reporting Services can access. The encryption can be called using a http://server/folder/program?DATA=
In Reporting Services, a Data Source connection will be made, using an OLE DB .NET connection to the Teradata machine. SQL code will be included, which will link tables and retrieving the required fields for use in the report. I want to call the encryption program to decrypt the card number, so the actual card number can be printed in the body of the report.
There will probably be a requirement to write some parameter selection SQL as well, so a card nmuber can be entered as a report parameter field, which the SQL will have to either encrypt first, then process the SQL statement down the tables.
I have successfully finish Oracle OCA Exam. Currently I am Microsoft Certified Database administrator(MCDBA) I would like to know there is any way I could use OCA Credit to any Microsoft Exam. If any advice will be helpful.
Thanks Faiz Farazi www.databasetimes.net Best learning center for Microsoft http://www.lascomp.com
We need to store credit cards for a limited amount of time because we charge for orders as they ship and occasionally the authorization expires before the item can ship.
I know I can use AES_256 to encrypt our credit cards but I am not sure if all I need to do is follow the directions in the "How-to" for encrypting data.
I created the master key, backed it up off the server the certificate and the symmetric key and I can encrypt and decrypt data.
Is this all I need to do or am I missing something?
I'm trying to put together a script that would alter a table and add NOT FOR REPLICATION to the identity column on several hundred tables. Since I am unable to write a complex script to automate the entire process, I've decided to do the update one table at a time. Here is a script that I'm working on. I'm getting an error message when I try to run the script. Can someone please show me how to properly use variable with a wild card in a string ? or how to properly add this variables in this script?
DECLARE @Var1 AS CHAR(50), @tbn AS CHAR(50) SELECT @tbn = 'tablename' SELECT @Var1 = Name FROM SysIndexes WHERE Name LIKE 'pk%' AND Name LIKE '%' + @tbn + '%' EXECUTE('ALTER TABLE [@tbn] DROP CONSTRAINT ' + @Var1 ALTER TABLE + @tbn + DROP COLUMN mkey ALTER TABLE + @tbn + ADD viewkey INT IDENTITY (1,1) NOT FOR REPLICATION NOT NULL ALTER TABLE + @tbn + ADD CONSTRAINT PK_+ @tbn PRIMARY KEY (mkey) WITH FILLFACTOR=90 ON [PRIMARY]
I am developing one web site, in that I can upload files to sql server, it will save the uploaded file in binary type and we can download the files from there. Upto this everything is working perfectly. But now my problem is - i have to implement the wildcard character search in this site. The file name and extension will save on the database in different columns, and one more thing is file name is unique. I confused to implement wildcard search in this site, where i can implement this type of search in database or in my application with c#? So please help me to do this. I dont know that this is the right place to post this question or not. If it is not right place, please guide me to where I can post this. If it is right place, please help me to implement wild card search.
My team is currently building a system for the Windows CE 5.0 platform that uses a SQL CE database to synchronize with a SQL Server 2005 database. During this synchronization process, the application needs to pull down a good bit of data and it reaches its cap for memory. A possible solution for this is to use an SD card for storing the database. However, when the Synchronization process is run, the following SQL Exception Occurs:
HResult = -2147467259 Message = "SQL Mobile encountered problems when creating the database." NativeError = 28558 Source = "Microsoft SQL Server 2005 Mobile Edition" StackTrace = at System.Data.SqlServerCe.NativeMethods.CheckHRESULT() at System.Data.SqlServerCe.SqlCeReplication.AddSubscription() Our Trace at System.Windows.Forms.Control.OnClick() at System.Windows.Forms.Control.WnProc() at System.Windows.Forms.Control._InternalWnProc() at Microsoft.AGL.Forms.EVL.EnterMainLoop() at System.Windows.Forms.Application.Run() Main
The connection string we're using for the Mobile Database is "data source=Storage CardDatabase.sdf"
Has anyone ever had any problems when trying to perform Merge/Replication on expandable Flash Memory and if so, how did you solve them?
SQL mobile apps like - .Net Frame work, SQLCE mobile etc - can they be install on the Storage Card? I am running out of space on my Verizon 6700 and don't have enought memory to install on the device. I cleaned up as much as I could still not enough space on the device.
I develop a app on PPC 4.20 using SQLServer 3.1. I developed a o/r mapper whitch auto-creates the Database and Tables using attribute-decorated objects. That all works fine - as long as my Database is in \MyDocuments . Trying to store the Database in \Storage Card\test.sdf, whitch is absolut neccessary because it will become to big for storing onto device, I get error 25113, "A not supportes operation to host was called" (Translated from German)
When I trie to copy a Database to the SD-Card, inserts are not commited.
Is it not supported to store Databasefiles on a Flashcard?
My development-environment is .net 2.0 sp2, device-emulator v2, Windows XP, vs2005. In the emulator, i have linked a windows-based directory as storagecard.
What am I doing wrong??
class SQLManager { private static SQLManager instance = null;
In the below section of code I'm connecing to a SQL database and when I use the "=" in the search it works ok, but when I try to add the ability to use wildcards by changin "=" to "LIKE" its not working
Working code:
Function GetName(ByVal first_Name As String) As System.Data.DataSet Dim connectionString As String = "server='(local)'; trusted_connection=true; database='FamilyInfo'" Dim dbConnection As System.Data.IDbConnection = New System.Data.SqlClient.SqlConnection(connectionString)
Dim queryString As String = "SELECT Names.* FROM Names WHERE (Names.First_Name = @First_Name)" Dim dbCommand As System.Data.IDbCommand = New System.Data.SqlClient.SqlCommand dbCommand.CommandText = queryString dbCommand.Connection = dbConnection
Dim dbParam_first_Name As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter dbParam_first_Name.ParameterName = "@First_Name" dbParam_first_Name.Value = first_Name dbParam_first_Name.DbType = System.Data.DbType.StringFixedLength dbCommand.Parameters.Add(dbParam_first_Name)
Dim dataAdapter As System.Data.IDbDataAdapter = New System.Data.SqlClient.SqlDataAdapter dataAdapter.SelectCommand = dbCommand Dim dataSet As System.Data.DataSet = New System.Data.DataSet dataAdapter.Fill(dataSet)
Return dataSet End Function
Code that I would like to work
Function GetName(ByVal first_Name As String) As System.Data.DataSet Dim connectionString As String = "server='(local)'; trusted_connection=true; database='FamilyInfo'" Dim dbConnection As System.Data.IDbConnection = New System.Data.SqlClient.SqlConnection(connectionString)
Dim queryString As String = "SELECT Names.* FROM Names WHERE (Names.First_Name LIKE '%' + @First_Name '+')" Dim dbCommand As System.Data.IDbCommand = New System.Data.SqlClient.SqlCommand dbCommand.CommandText = queryString dbCommand.Connection = dbConnection
Dim dbParam_first_Name As System.Data.IDataParameter = New System.Data.SqlClient.SqlParameter dbParam_first_Name.ParameterName = "@First_Name" dbParam_first_Name.Value = first_Name dbParam_first_Name.DbType = System.Data.DbType.StringFixedLength dbCommand.Parameters.Add(dbParam_first_Name)
Dim dataAdapter As System.Data.IDbDataAdapter = New System.Data.SqlClient.SqlDataAdapter dataAdapter.SelectCommand = dbCommand Dim dataSet As System.Data.DataSet = New System.Data.DataSet dataAdapter.Fill(dataSet)
Using shared folder in windows mobile 5 emulator, it is not possible to create a database (sqlserver mobile 2005) in the emulated storage card.
The error "sql mobile made an unsupported request to the host operating system. Minor Err 25133 is raised. Reading or writing file from/to the emulated storage card occurs without error.
I have seen some different behaviors when I am writing SQL Server compact edition Database file into SD Memory card or any user removable storage media.
The following Steps for reproducing these behaviors.
1. Set your database location is in the SD Memory card. 2. Create a database and establish session. 3. Writing first record into the database is done 4. Remove your SD card manually from the system 5. Try to write a Second record into the database 6. You will get the error from this "SqlCeWriteRecordProps" API call - This is fine. 7. Put your SD card back into the system. 8. Writing Second record again into the database is done - This is fine.
So far the behaviors are good after that
9. Remove your SD card manually from the system again 10. Try to write a Third record into the database 11. You will suppose to get the error from this "SqlCeWriteRecordProps" API call but you won€™t get that error €“ I don€™t know why? 12. Then Try to write a Forth record into the database 13. You won't get any error from the API call "SqlCeWriteRecordProps" and return status is success. 14. Now put your SD card back into the system. 15. Then write Fifth record but this time its writing record Third, Fourth and Fifth into the database.
Note: I am clearing (means Free) my record structure everything after calling this function "SqlCeWriteRecordProps". So I don€™t know why its wring Third, fourth and fifth record into the database.
ok i have intel dual core i have a conflict only in playing a game black hawk down it gives me a run stop error. locks up and has to be restarted. microsoft gave me a fix but when i do the fix it causes me to get a system dump error on the game. i can update my web site do anything else let daughter play her games or do her school work and nothing happens. i was told i needed to set up the dual core so that my programs dont conflict i am a moron when it comes to computers is there a fix for this or i am i just going to have to go back to single core processor for now thanks
I have built an application for storing my flight times on my phone after each leg of a trip... I am using C# and Sql CE as the storage system for later export to a larger desktop version (in the works). My question is related to storing the sdf file on the storage card. Can it be done and what would the connection string look like since I have tried and got a error stating it can't find the sdf file in question. I have it setup right where if I were to do a fresh install it would ask for the install directory main memory or storage card. If I select storage card it installs just fine but when I run the app it does fail with the aforementioned error..
Hi All, I'm trying to use a very simple SQL String that check if a specific string exist in the DB. When I do the SQL and use a regular Connection I get the result. When I use a data set and on the table adapter I need to use the "LIKE %" method I get an error.
What should I write on the table adapter in order to make this search?
ItemID is a type string.
This is my SQL: SELECT itemID, itemName FROM Items WHERE (itemID LIKE @ItemIDTemp)
This sample give no result or
SELECT itemID, itemName FROM Items WHERE (itemID LIKE '%' + @ItemIDTemp + '%')
This sample return an error message "Data conversion failed. [OLEDB status value (if known)=2]"
I am using Conditinal split in my package. I need to remove certain rows which are matching my criteria. The criteria requires using wild card characters like, first_name = '%john%'.
I'm using a Hemisphere West MSR-152 card reader. I need to take data from the reader and store it into SQL Server 2005 Express. Can anyone give ideas on how to do this (sample code recommendations). I'm using visual studio 2005 express and I code with VB.NET.
We are using SQL Server 2008 as our database and use Access as a GUI. I am looking to create a form in Access where employees can access their time card and request changes from management. I want to use the format from the attached screen shot for the form. I pretty much know how to do it all, the only point of complication is trying to figure out the easiest way to get the transaction punch record data on employee_punch_record into a format where I can easily populate the form in the horizontal format you see in the screen shot.
I am not super strong in SQL, but figure I can do it using a formatting table of some sort. quick and easy way to move transaction records into a more horizontally oriented record?
I am working on a query application, and I want to do syntax validation before I submit the dynamically sql to the database. The expression will include ANDs, ORs, IN, (,),>,<,etc. Anyone done this already? any code snippets?
FROM SERVICE [ewx.co.za/Service/store001_ewx_sb_service]
TO SERVICE 'ewx.co.za/Service/ewx_sb_hub_service'
ON CONTRACT [ewx.co.za/Contract/ewx_Contract];
SET @msg = '<InventoryUpdate>
<TitleId>STORE001TEST1</TitleId>
<Quantity>7777</Quantity>
</InventoryUpdate>';
SEND ON CONVERSATION @h
MESSAGE TYPE [ewx.co.za/Message/ewx_sendmsg](@msg);
Now to test errors comming back on the aueue i sed to make the xml tags wrong, then the target would send a error back on the queue with xml validation failed (both queues have validation well_formed_xml). However now in testing i cannot even send the message i get an invalid xml error straight away, i am not sure why this is , i know the xml is not valid but the send used to work and i would get an erro rback, as the xml is validated by the ttarget, but this no longer works it ails strainght away, with no thing in any queue. What could be causing this ?
I think I have read online a recommendation about not using XML VALIDATION in a production environment, due to performance reasons. Is it recommended using other that NONE validation in production, and is there available documentation for a scale that grades performance hits for various types of validations?
Afternoon all,I want my SQL SP to do some validation on a form submit to do the following before committing to the table.If email address (txt.Email.Text) doesn't exist in the table, commit values.if email address (txt.Email.Text) does exist and option (radOptions.SelectedValue) equals 1, print message to say 'you're already subscribed'if email address (txt.Email.Text) does exist and option (radOptions.SelectedValue) equals 0, print message to say 'you're not subscribed'if email address (txt.Email.Text) does exist and option (radOptions.SelectedValue) equals 1 or 0, update row to 0 or 1 (depending on subscribe or unsubscribe - 1 = subscribed, 0 = unsubscribed) The simple SP is currently:ALTER procedure [dbo].[sp_customerSignups]@name varchar(50),@email varchar (50),@subscribed intasBEGININSERT INTO tblCustomerSignups(Name, EmailAddress, Subscribed)VALUES(@name, @email, @subscribed)END Does anyone have the correct syntax for this?Thanks,Brett