Home

Prevent SQL Injection With Classic ASP

Dan
By Dan
0
1138

Classic ASP might seem like a language that is dead and gone, but it is still alive…somehow. With a language that has become outdated, it can be difficult to fight against modern security risks. Knowing how to prevent SQL injection with classic ASP is a valuable bit of code to have at your disposal. With bots capable of hacking sites, you don’t to make things easy for them. Thankfully, there is a way to setup prepared statements using Classic ASP.

If you are familiar with prepared statements, this shouldn’t be too much trouble. I will admint, this is a pretty ugly implementation, but ASP isn’t exactly bleeding edge, so this is the best we have. The first and most awkward thing about prepared statements with classic ASP, is that you need to declare the data type. For example, if a field in a DB is of type int, you need to declare this when creating the statement. It seems odd, but this is how it goes. the following code will show you a quick and easy way to pull a row from a database by using an ID that is passed in the querystring.

if request.querystring("id") <> "" and IsNumeric(request.querystring("id")) then
    set cmd = Server.CreateObject("ADODB.Command")
    set rs = Server.CreateObject("ADODB.Recordset")

    cmd.ActiveConnection = objConnection
    cmd.CommandText = "SELECT * FROM Posts WHERE id = ?"
    cmd.Parameters.Append(cmd.CreateParameter("@id", 3, 1, , request.querystring("id")))
    set rs = cmd.Execute()

    if not (rs.eof and rs.bof) Then
        'do something
    end if
end if

The only thing that needs to change are the parameters that you pass into the CreateParameter function. As I mentioned previously, you need to declare the data type when adding a command parameter. A full list of all of the data type codes can be found here http://www.w3schools.com/asp/met_comm_createparameter.asp

This is a pretty solid way to prevent sql injection with classic ASP. Nothing is ever bulletproof, so always be on the lookout for ways to further improve the security by validating data even further to prevent any bad data making its way into a query string.

 

Previous article
How To Check If An Email Is Valid And Inbox Exists
Next article
Download A File Using ASP MVC

Related Articles

Related Questions

Help! Upgraded to React 19 and Now I’m Getting an Error

I recently made the jump from React 18 to React 19, and while doing so, I ran into some dependency issues. Some libraries weren't...

Why Does Windows Explorer Keep Using So Much Memory on My Laptop?

My laptop frequently freezes, and I learned that restarting Windows Explorer could help. However, I've noticed that every time I do this, the memory...

How to Handle External Failed Login Attempts?

I'm currently looking into a series of external failed login attempts flagged by our Sentinel alerts. The reports indicate that the reasons for these...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Tools

Scavenger Hunt Team Randomizer

Tool Dan -
Planning a scavenger hunt and need to split participants into random teams? Whether you're organizing a school activity, a corporate team-building event, or a...

File Hash Generator Online – Get Instant MD5 and SHA-256 Hashes

Math Tools Dan -
Whether you are validating downloads, checking for corruption, or comparing files for duplicates, having a fast and secure way to generate file hashes is...

Visual CSS Editor for Modern Glass UI Effects

Programming Tools Dan -
Modern UI design is all about clean, layered aesthetics, and few styles deliver this better than glassmorphism. If you're designing sleek user interfaces and...

Fast and Accurate Tap BPM Counter – Free Web Tool

Audio Tools Dan -
Whether you're producing music, DJing live, or just figuring out the tempo of a song, knowing the BPM (beats per minute) can be critical....

Glassmorphism CSS Generator with Live Preview

Programming Tools Dan -
Glassmorphism is one of the most visually striking design trends in modern UI. Its soft, frosted-glass effect adds depth and elegance to web interfaces,...

Add Custom Speech and Caption Boxes to Any Image Online

Image Tools Dan -
Creating comic-style images used to require complex design tools or specialist software. Whether you're making memes, teaching graphics, social media posts or lighthearted content,...

Latest Posts

Latest Questions