| Author |
Topic |
|
Cowboy
Yak Posting Veteran
72 Posts |
Posted - 2008-04-11 : 11:18:56
|
| Hi all, I am using classic ASP and SQL Server 2005. Can I use parameters like @whatever in my ASP code or are they for stored procedures exclusively? I am trying to change the output of a request.form into a parameter so I can prevent SQL injection. I am aware of using trim to counter this but I wasn't sure of the best practice. I want to build a spaceship with lightspeed capabilities and I don't even know what a wrench is. |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-04-11 : 11:53:22
|
| Yup, you can pass parameters from ASP to your stored procedures. You can perform client side validations too to prevent SQL injection. The usual way to do it is to pass the parameters as form variables and capture them in your presentation layer function in an application like VB and then pass it down to the stored procedure. |
 |
|
|
Cowboy
Yak Posting Veteran
72 Posts |
Posted - 2008-04-11 : 12:05:28
|
| Hi visakh, I had a look at the link you posted before: http://www.macronimous.com/resources/stored_procedures_for_ASP_and_VB_Programmers.asp but it gives no mention of passing form data. I have tried using the CreateParameter method but was getting errors. Would you use this method to create the parameters in ASP? So can I use parameters like @whatever without a stored procedure to protect against SQL injection? I want to build a spaceship with lightspeed capabilities and I don't even know what a wrench is. |
 |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-04-11 : 12:20:52
|
| This gives an idea of how to pass form variables using ASP: http://www.daniweb.com/forums/thread5436.html |
 |
|
|
Cowboy
Yak Posting Veteran
72 Posts |
Posted - 2008-04-11 : 12:29:43
|
| Sorry, I should rephrase that: I want to convert ASP form data into SQL parameters. I want to build a spaceship with lightspeed capabilities and I don't even know what a wrench is. |
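
An added example, not code from any post in this thread: binding `Request.Form` values as ADO parameters on an ad-hoc query through `CreateParameter`, with no stored procedure involved. It assumes the SQLOLEDB provider, where ad-hoc command text takes positional `?` markers rather than `@name` markers; the connection string, the `dbo.Customers` table and the form field names are hypothetical.

```vbscript
' Body of a classic ASP page (place inside <% ... %>).
' ADO constants, values as defined in adovbs.inc
Const adCmdText = 1, adParamInput = 1
Const adInteger = 3, adVarWChar = 202

Dim lastName, minAge, re, conn, cmd, rs

' Hypothetical form fields posted by the page's <form>
lastName = Trim(Request.Form("lastname"))
minAge   = Trim(Request.Form("minage"))

' Server-side validation: length must fit the column, age must be 1-3 digits.
' This is input hygiene only; the parameter binding below is what keeps the
' values out of the SQL text.
Set re = New RegExp
re.Pattern = "^\d{1,3}$"
If Len(lastName) = 0 Or Len(lastName) > 50 Or Not re.Test(minAge) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
' Placeholder connection string (assumption)
conn.Open "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=DemoDb;Integrated Security=SSPI;"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Unsafe, for contrast: "... WHERE LastName = '" & lastName & "'"
cmd.CommandText = "SELECT CustomerID, LastName FROM dbo.Customers " & _
                  "WHERE LastName = ? AND Age >= ?"

' Parameters are matched to the ? markers by the order they are appended;
' the names are labels only. Type and size are declared explicitly.
cmd.Parameters.Append cmd.CreateParameter("@lastname", adVarWChar, adParamInput, 50, lastName)
cmd.Parameters.Append cmd.CreateParameter("@minage", adInteger, adParamInput, , CLng(minAge))

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored values cannot inject markup into the page
    Response.Write rs.Fields("CustomerID").Value & ": " & _
                   Server.HTMLEncode(rs.Fields("LastName").Value) & "<br>"
    rs.MoveNext
Loop

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
```

A posted value such as `O'Brien' OR 1=1` is compared as a literal last name here, because the server receives it as a typed parameter value rather than as part of the statement.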
 |