We help IT Professionals succeed at work.

Coldfusion encrypt function throws error if string has a pound sign. Please assist.

CFbubu
CFbubu asked
on
Hi,

I was wondering how to encrypt a string in coldfusion if it contained special characters like the # sign. I am looking to also be able to use the decrypt function and be able to get back the original unencrypted string that would show the pound sign. Thanks!

Currently, as long as the string contains a pound sign, an error will be thrown. I was initially thinking of using the replace function to replace the pound signs in the string, but this will not work well as I want to be able to decrypt the original string and see the pound signs again. For example, if I chose to replace the pound signs with a '$' sign, than if the original string had both a # sign and a $ sign, than upon decryption, instead of having 1 # sign and 1 $ sign, I will have 2 $ signs.

Thanks for any insight on this.
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
What is the error?

CF doesn't have a problem encoding special characters. But depending on how create the input, you may have to escape the # signs ie Use ##

<cfset key = generateSecretKey("AES")>
<cfset encrypted = encrypt("pound ## sign ##", key, "AES")>
<cfset decrypted = decrypt(encrypted, key, "AES")>
<cfoutput>
encrypted = #encrypted#<br>
decrypted = #decrypted#<br>
</cfoutput>

Author

Commented:
Thanks for your reply Genius :)

Yes, somehow when I used your solution, I could place pund signs into the encrption string and an error will not be thrown. However, if I tried to encrypt a strings below with pund signs, either an error will be thrown or it does not decrypt correctly.

(Example)

1) If the string is '###df#d#', and error will be thrown.

Invalid CFML construct found on line 56 at column 46.
ColdFusion was looking at the following text:
AES

2) If the string is '###R#', an error will be thrown:

Variable R is undefined.

2) If I the string is '####', when decrypted, only 2 pound signs are displayed.

Will the CF encrypt /decrypt functions work with the above examples? I am asking this as I want to be able to encrypt the users password into a session cookie and re-display the data into the form field if the user had some other errors in their form. If they decide to not go through with the form submission again, as least the unexpired client session cookie cannot be read by other means.

Thanks again for your kind wisdom.
 
CERTIFIED EXPERT
Most Valuable Expert 2015
Commented:
>Will the CF encrypt /decrypt functions work with the above examples?

Yes if they're escaped properly.  

Remember, # is a special character in CF.  So when you use it in CF code, ColdFusion thinks you're outputting a variable with two pound signs: one at the beginning and the end. That's why it throws an error on this string. It has an an uneven number of pound signs (5)

      '###df#d#'

To produce a literal pound sign, you have to escape it by using two  pound signs

        <cfset myVar = "##">              =equals=         #          1 pound sign
        <cfset myVar = "####">         =equals=       ##          2 pound signs
        <cfset myVar = "######">    =equals=     ###         3 pound signs

But I don't think it's going to be an issue.  The error you're getting only occurs when you construct strings within the CF code.  It doesn't apply when a user submits a form.  Notice it works perfectly (without any escaping) if you submit those same strings through a form field:

<cfif structKeyExists(FORM, "inputString")>
<cfset key = generateSecretKey("AES")>
<cfset encrypted = encrypt(inputString, key, "AES")>
<cfset decrypted = decrypt(encrypted, key, "AES")>
<cfoutput>
encrypted = #encrypted#<br>
decrypted = #decrypted#<br>
</cfoutput>
</cfif>


<form method="post">
	<input type="text" name="inputString">
	<input type="submit">
</form>

Open in new window



Author

Commented:
Awesome! you showed me the light! :)

Thanks so much!

Author

Commented:
Solution was clear and to the point!
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
Glad I could help :)

Explore More ContentExplore courses, solutions, and other research materials related to this topic.