|
|||||||
| ASP Discussion and technical support for using and deploying Active Server Pages. |
|
|
Thread Tools | Rate Thread | Display Modes |
|
#1
08-10-2007, 10:16 AM
|
|||
|
|||
|
Classic ASP - help using parameters
I have some old code that I inherited and I need to update it to use parameters to prevent SQL injection attacks. I've tried the below but I get error that I "Must declare the variable '@fName'." Does some one see what's wrong. Also, if someone has a an example to update and insert using parameters I would appreciate it. I've tried googoling but you get about a million hits and everything is for .Net
Below is the code I have. set objCmd = Server.CreateObject("ADODB.Command") With objCmd .ActiveConnection = conn .CommandText = "select userID from tblUser where fname = @fName and lname = @lName and company = @Company and email = @eMail" .Parameters.Append .CreateParameter("@fName", adVarChar, adParamInput, 50, strfname) .Parameters.Append .CreateParameter("@lName", adVarChar , adParamInput, 50, strlname) .Parameters.Append .CreateParameter("@Company", adVarChar , adParamInput, 75, strcompany) .Parameters.Append .CreateParameter("@eMail", adVarChar , adParamInput, 100, stremail) Set rs2 = .Execute End With THanks Allen
__________________
In God we trust, all others pay cash Last edited by AppalachiaAl; 08-10-2007 at 10:23 AM. 
|
| Bookmarks |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | Rate This Thread |
|
|
Threaded Mode