This article introduces an example of executing a SQL statement with parameters in ASP. Parameterized SQL statements can effectively prevent SQL injection vulnerabilities. Readers who need this can refer to it.
ASP executes a SQL statement with parameters by binding the input values to an ADODB.Command as parameters instead of concatenating them into the SQL text, which effectively blocks SQL injection. The source code (server-side JScript) is as follows:
var conn = Server.CreateObject("ADODB.Connection");
conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("Test.mdb");
conn.Open();
var cmd = Server.CreateObject("ADODB.Command");
cmd.ActiveConnection = conn;
cmd.CommandType = 1; // adCmdText: CommandText is a plain SQL statement
// The ? placeholders are bound by position; the values never become part of the SQL text
cmd.CommandText = "SELECT TOP 1 * FROM [User] WHERE UserName = ? AND Password = ?";
// CreateParameter(name, type, direction, size, value): 200 = adVarChar, 1 = adParamInput
cmd.Parameters.Append(cmd.CreateParameter("@UserName", 200, 1, 20, "user01"));
cmd.Parameters.Append(cmd.CreateParameter("@Password", 200, 1, 16, "123456"));
var rs = cmd.Execute();
if (!rs.EOF) { // no match returns an empty recordset; reading a field from it would raise an error
    Response.Write(rs("UserId").Value);
}
rs.Close();
conn.Close();
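To show why the parameterized form above matters, here is an added example that is not part of the original article: it rebuilds the same [User] lookup in Python against an in-memory SQLite database (standing in for the ADODB/Access setup, which is not available outside IIS), with a constructed single-row table, and runs the lookup once by string concatenation and once with ? placeholders, as the ASP code does. The function names and the sample credentials are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample database: one user, matching the article's values."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE [User] (UserId INTEGER PRIMARY KEY, UserName TEXT, Password TEXT)"
    )
    conn.execute(
        "INSERT INTO [User] (UserName, Password) VALUES (?, ?)", ("user01", "123456")
    )
    conn.commit()
    return conn


def login_concat(conn, user, pw):
    """Vulnerable form: input is spliced into the SQL text, so a quote in the
    input changes the statement's structure. Returns UserId or None."""
    sql = (
        "SELECT UserId FROM [User] WHERE UserName = '" + user
        + "' AND Password = '" + pw + "' LIMIT 1"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_param(conn, user, pw):
    """Hardened form, equivalent to the ADODB.Command with ? placeholders:
    the statement is fixed and the values travel separately. Returns UserId or None."""
    sql = "SELECT UserId FROM [User] WHERE UserName = ? AND Password = ? LIMIT 1"
    row = conn.execute(sql, (user, pw)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # classic injection payload used as the password field
    print("param, valid login :", login_param(db, "user01", "123456"))
    print("param, injected pw :", login_param(db, "user01", tautology))
    print("concat, injected pw:", login_concat(db, "user01", tautology))
```

With the parameterized query the injected password is compared literally against the stored value and the login fails; with concatenation the same input turns the WHERE clause into a tautology and the lookup succeeds without the real password. The ADODB version on this page behaves like login_param: the driver receives the SQL text and the two values as separate items, so no amount of quoting in the values can alter the statement.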