SQL Server sha1 value in prepared statement gives a different value than hardcoded string

I am trying to encrypt a password in SQL Server and I'm getting two different results when I use a string vs. using a prepared statement parameter.

For example:

SELECT 
    sys.fn_varbintohexstr(HASHBYTES('sha1', ?)),
    sys.fn_varbintohexstr(HASHBYTES('sha1', 'password'))

Where the ? is populated by 'password'. It gives me

0xe8f97fba9104d1ea50479...
0x5baa61e4c9b93f3f06822...

Why am I getting two different results for what should be the same thing?

Also, this is only happening in SQL Server, if I do a similar query in MySQL, it returns the same value for both.

I know I should be using better encryption, but I am stuck with sha1 (no salt) for now.

Thanks

One is a varchar the other nvarchar

SELECT 
 sys.fn_varbintohexstr(HASHBYTES('sha1','password')),
 sys.fn_varbintohexstr(HASHBYTES('sha1',N'password'))

returns

0x5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
0xe8f97fba9104d1ea5047948e6dfb67facd9f5b73

来源：https://stackoverflow.com/questions/16846256/sql-server-sha1-value-in-prepared-statement-gives-a-different-value-than-hardcod

标签

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!