found this on google:
http://lists.evolt.org/archive/Week-of-Mon-20051107/177585.html
strSQL = "SELECT UserID FROM Users WHERE UserName = @UserName AND
UserPassword= @UserPassword"
With objCommand
Set .ActiveConnection = objConn
.CommandText = strSQL
.Parameters.Append .CreateParameter("@UserName", adVarChar, 50)
.Parameters.Append .CreateParameter("@UserPassword", adVarChar, 50)
End With
Set objRS = objCommand.Execute
Peterson, Chris wrote:
> You could re-write the app in Coldfusion and use <cfqueryparam> =)
>
> (sorry, I couldn't help myself)
>
> Chris
>
> -----Original Message-----
> From: Adrian Lynch [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 28, 2006 10:15 AM
> To: CF-Talk
> Subject: OT ASP's query param
>
> Need to stop SQL inject in an ASP CMS. I can't find reference to
> parameterisation in classic ASP. Any links or pointers.
>
> Thanks.
>
> Adrian Lynch
>
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:244968
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
