Well, I didn't find anything on "parameterization", but I did find a WHOLE LOT of information on preventing SQL injection in ASP. So my guess is that you've got to manually go about protecting yourself if you're going to use ASP.
http://www.codefixer.com/codesnippets/function_protect_sql_injection.asp http://www.4guysfromrolla.com/webtech/061902-1.shtml http://www.sitepoint.com/article/sql-injection-attacks-safe/5 http://www.4guysfromrolla.com/webtech/112702-1.shtml ***************** Ken Ferguson 214.636.6126 ***************** > -----Original Message----- > From: Adrian Lynch [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 28, 2006 10:15 AM > To: CF-Talk > Subject: OT ASP's query param > > Need to stop SQL inject in an ASP CMS. I can't find reference to > parameterisation in classic ASP. Any links or pointers. > > Thanks. > > Adrian Lynch > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:244985 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
