While passing apostrophe in company name "company's" is giving error

Question

0.00/5 (No votes)

See more:

Error

Invalid length for a Base-64 char array or string.

public  string Decrypt(string dataToDecrypt)
       {

           byte[] data = Convert.FromBase64String(dataToDecrypt.Replace(' ', '+'));
           string decryptedData = string.Empty;

           try
           {
               //ReDim Preserve data(DataLen - 1)

               // The key and initialization vector : change them for your application
               byte[] _key = {
           132,
           42,
           53,
           124,
           75,
           56,
           87,
           38,
           9,
           10,
           161,
           132,
           183,
           91,
           105,
           16,
           117,
           218,
           149,
           230,
           221,
           212,
           235,
           64
       };
               byte[] _iv = {
           83,
           71,
           26,
           58,
           54,
           35,
           22,
           11,
           83,
           71,
           26,
           58,
           54,
           35,
           22,
           11
       };

               MemoryStream mStream = new MemoryStream(data, 0, data.Length);
               // instead of writing the decrypted text

               RijndaelManaged aes = new RijndaelManaged();

               CryptoStream cs = new CryptoStream(mStream, aes.CreateDecryptor(_key, _iv), CryptoStreamMode.Read);

               StreamReader sr = new StreamReader(cs);
               ASCIIEncoding ut = new ASCIIEncoding();
               string ab = sr.ReadToEnd();
               //UTF8Encoding
               decryptedData = ab;
               return ab;
           }
           catch (Exception ex)
           {
               throw ex;
           }
       }

What I have tried:

byte[] data = Convert.FromBase64String(dataToDecrypt);

Posted 17-Apr-17 19:40pm

Member 12986391

Updated 17-Apr-17 21:47pm

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2017-04-17T20:04:00

Loads of problems here:
1) Base64 is not an encryption method - it's a translation method. Thinking of it (and referring to it) as "encryption" encourages a very, very false sense of security as it can be cracked by the average human in seconds. Base64 strings are very recognisable, and easy to reverse. Do not use it for encryption!
2) The apostrophe has nothing to do with the error message you show. The error message implies that the data is wrong, not that the apostrophe in the company name it the cause.

But...these two imply much worse: for an apostrophe to give you problems inserting data into SQL implies that you are concatenating strings to form an SQL command; something like this:

C#

string sql = "INSERT INTO MyTable (CompanyName) VALUES ('" + txtCompName.Text + "')";

That's bad: very, very bad. It leaves your code wide open to SQL injection as well as causing apostrophes to give you problems, which is probably why you are trying to use Base64 to get round it and make it work. You must always use parameterized queries to access SQL, not string concatenation.
And the use of string concatenation probably explains why your Base64 data is the wrong length - you are now doing something like this:

C#

byte[] myDataInBase64 = ...
...
string sql = "INSERT INTO MyTable (CompanyName) VALUES ('" + myDataInBase64 + "')";

And that won't work either, because the default ToString implementation for an array returns the name of the array datatype (such as "System.Byte[]") instead of anything related to it's content.

Again, the fix is to use parameterized queries at all times.

Patrice T · Answer 2 · 2017-04-17T21:47:00

Quote:
Invalid length for a Base-64 char array or string.

Every base64 encoded string length is a multiple of 4because every chunk of 3 chars in the string is encoded to 4 base64 chars and if last chunk is shorter, it is padded until the length is 3.
Base64 - Wikipedia[^]
Show the contain of dataToDecrypt for further help.

Quote:
While passing apostrophe in company name "company's" is giving error

For a problem of apostrophe with an SQL query, trad this:
Never build an SQL query by concatenating with user inputs, it is named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability.
SQL injection - Wikipedia[^]
SQL Injection[^]

While passing apostrophe in company name "company's" is giving error

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0