encrypt/decrypt bug

This is driving me crazy!! For this code: <cfif IsDefined("form.myVAR") AND #form.myVAR# NEQ "">    <cfset encrpt_myVAR=encrypt("#trim(FORM.myVAR)#","#encCODE#")> </cfif> Figure this out. Here's a few test: ----------------------------------------------- Form Entry: 2222    Decrypted output: 2222 Form Entry: 22222    Decrypted output: 2222= form Entry: 222222   Decrypted output: 222222 form entry: 33333332   Decrypted output: 3333333= form entry: abcdef2   Decrypted output: abcdef2 form entry: abcdef32   Decrypted output abcdef3= form entry: abcdef33   Decrypted output abcdef33 I can pretty much put anything I want into the form field and it encrypts correctly - UNLESS it ends in a "2". Then it's screwed - sometimes. I can't tell if the problem is on the encrypt or decrypt side either. During these test, the var "encCODE" was kept constant. I haven't tried yet, but wonder if changing it would make a difference. Will try that next. Something I'll get a ">" some instead of the equal sign. It's ONLY a "2" that does this. WTF? Any ideas at all? Is there a patch from the version below to fix this? It's driving myself and a client insane right now!!! Level: Enterprise Name: ColdFusion Server Version 7,0,2,142559

Could you post the entire encrypt/decrypt code snip? This is driving me crazy!! For this code: <cfif IsDefined("form.myVAR") AND #form.myVAR# NEQ "">    <cfset encrpt_myVAR=encrypt("#trim(FORM.myVAR)#","#encCODE#")> </cfif> Figure this out. Here's a few test: ----------------------------------------------- Form Entry: 2222    Decrypted output: 2222 Form Entry: 22222    Decrypted output: 2222= form Entry: 222222   Decrypted output: 222222 form entry: 33333332   Decrypted output: 3333333= form entry: abcdef2   Decrypted output: abcdef2 form entry: abcdef32   Decrypted output abcdef3= form entry: abcdef33   Decrypted output abcdef33 I can pretty much put anything I want into the form field and it encrypts correctly - UNLESS it ends in a "2". Then it's screwed - sometimes. I can't tell if the problem is on the encrypt or decrypt side either. During these test, the var "encCODE" was kept constant. I haven't tried yet, but wonder if changing it would make a difference. Will try that next. Something I'll get a ">" some instead of the equal sign. It's ONLY a "2" that does this. WTF? Any ideas at all? Is there a patch from the version below to fix this? It's driving myself and a client insane right now!!! Level: Enterprise Name: ColdFusion Server Version 7,0,2,142559

Hi Les, I've seen similar behavior most typically when I'm also urlencoding the the encrypted value. What I figured out was happening is that if the encrypted value contained a space, when urlencodedformat() was run on it, the space would get converted to "%20" as expected. However, when it was decoded, the spaces were converted to "+" instead of a space, then the decrypt would  not function properly. In my situation that either resulted in strange characters being added or usually resulting in a null pointer reference error. Also, this was under CFMX6.1. Cheers, Kris ----- Excess quoted text cut - see Original Post for more -----

Since you are running CFMX 7, you might give the new encryption methods a try. If you encode using Hex, you should be able to use the encrypted string directly in a URL without encoding it. example: <cfset x = encrypt(var,key,"blowfish","hex")> Good luck, Mike Chabot ----- Excess quoted text cut - see Original Post for more -----

Interesting - changing the value of #encCODE# to a longer string seems to have fixed the problem. Haven't tested with every possible combination of letters/numbers on the input yet, so ya never know - but it seems to like 2s now. Very odd... ----- Excess quoted text cut - see Original Post for more -----

This is going to sound weird but I've seen two issues nesting a trim() inside other functions in the past. When I moved it above the function and cfset to a temp it fixed the error. May not apply here but its only a 15 second test :)