Home

Prevent SQL Injection With Classic ASP

Dan
By Dan
0
1134

Classic ASP might seem like a language that is dead and gone, but it is still alive…somehow. With a language that has become outdated, it can be difficult to fight against modern security risks. Knowing how to prevent SQL injection with classic ASP is a valuable bit of code to have at your disposal. With bots capable of hacking sites, you don’t to make things easy for them. Thankfully, there is a way to setup prepared statements using Classic ASP.

If you are familiar with prepared statements, this shouldn’t be too much trouble. I will admint, this is a pretty ugly implementation, but ASP isn’t exactly bleeding edge, so this is the best we have. The first and most awkward thing about prepared statements with classic ASP, is that you need to declare the data type. For example, if a field in a DB is of type int, you need to declare this when creating the statement. It seems odd, but this is how it goes. the following code will show you a quick and easy way to pull a row from a database by using an ID that is passed in the querystring.

if request.querystring("id") <> "" and IsNumeric(request.querystring("id")) then
    set cmd = Server.CreateObject("ADODB.Command")
    set rs = Server.CreateObject("ADODB.Recordset")

    cmd.ActiveConnection = objConnection
    cmd.CommandText = "SELECT * FROM Posts WHERE id = ?"
    cmd.Parameters.Append(cmd.CreateParameter("@id", 3, 1, , request.querystring("id")))
    set rs = cmd.Execute()

    if not (rs.eof and rs.bof) Then
        'do something
    end if
end if

The only thing that needs to change are the parameters that you pass into the CreateParameter function. As I mentioned previously, you need to declare the data type when adding a command parameter. A full list of all of the data type codes can be found here http://www.w3schools.com/asp/met_comm_createparameter.asp

This is a pretty solid way to prevent sql injection with classic ASP. Nothing is ever bulletproof, so always be on the lookout for ways to further improve the security by validating data even further to prevent any bad data making its way into a query string.

 

Previous article
How To Check If An Email Is Valid And Inbox Exists
Next article
Download A File Using ASP MVC

Related Articles

Related Questions

Why Does My PC Freeze for 30 Seconds When It’s Idle?

Hey everyone, I've been dealing with an annoying problem where my PC just freezes up for about 30 seconds when it's idle. During this...

Crashing Issues While Gaming – Seeking Help!

Hey everyone, I'm really struggling with my gaming rig right now. After recently replacing my motherboard, PSU, and CPU, I'm encountering constant crashes when...

What Linux Distro Should I Try?

Hey everyone! My 8-year-old is super into computers and has made the switch to Linux. He's encouraging me to try it out too, but...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Tools

Scavenger Hunt Team Randomizer

Tool Dan -
Planning a scavenger hunt and need to split participants into random teams? Whether you're organizing a school activity, a corporate team-building event, or a...

File Hash Generator Online – Get Instant MD5 and SHA-256 Hashes

Math Tools Dan -
Whether you are validating downloads, checking for corruption, or comparing files for duplicates, having a fast and secure way to generate file hashes is...

Visual CSS Editor for Modern Glass UI Effects

Programming Tools Dan -
Modern UI design is all about clean, layered aesthetics, and few styles deliver this better than glassmorphism. If you're designing sleek user interfaces and...

Fast and Accurate Tap BPM Counter – Free Web Tool

Audio Tools Dan -
Whether you're producing music, DJing live, or just figuring out the tempo of a song, knowing the BPM (beats per minute) can be critical....

Glassmorphism CSS Generator with Live Preview

Programming Tools Dan -
Glassmorphism is one of the most visually striking design trends in modern UI. Its soft, frosted-glass effect adds depth and elegance to web interfaces,...

Add Custom Speech and Caption Boxes to Any Image Online

Image Tools Dan -
Creating comic-style images used to require complex design tools or specialist software. Whether you're making memes, teaching graphics, social media posts or lighthearted content,...

Latest Posts

Latest Questions