Below we introduce another method of preventing SQL injection attacks in ASP. The method is not specific to ASP; it can be used in any language that uses the ADO object model to interact with the database. To be precise, it may be more appropriate to call it an ADO object model-based approach to preventing SQL injection. Without further ado, let's take a look at the code:
' ADO constants; omit this line if adovbs.inc is already included
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202
Dim conn, cmd, pra
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "…………" ' The database connection string is omitted here
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn ' Set reuses the already open connection object
cmd.CommandText = "update news set title=? where id =?" ' each ? marks a parameter position
cmd.CommandType = adCmdText
' Parameters bind to the ? markers in the order they are appended
Set pra = cmd.CreateParameter("title", adVarWChar, adParamInput, 50, "1'2'3")
cmd.Parameters.Append pra
Set pra = cmd.CreateParameter("id", adInteger, adParamInput, , 10)
cmd.Parameters.Append pra
cmd.Execute
The id field of the news table is of type Integer, and the title field is of type nvarchar(50). Executing the code changes the title field of the record whose id is 10 in the news table to "1'2'3". Because the value is passed as a parameter rather than concatenated into the SQL text, its single quotes are stored as data.
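The same pattern applied to request input, with the concatenated form it replaces shown as a comment. This is an added example, not code from the original article; the function name UpdateNewsTitle, the form field names, and the already open connection conn are assumptions.

```vbscript
' Added example (not from the original article). Assumes an open ADODB.Connection
' in conn and the news table described above: id Integer, title nvarchar(50).
' Omit the Const line if adovbs.inc is already included.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202, adExecuteNoRecords = 128

' Weak form, for comparison only: the input becomes part of the SQL text,
' so a quote in title ends the string literal and changes the statement.
'   conn.Execute "update news set title='" & title & "' where id=" & id

' Hardened form: the SQL text is fixed; input travels only as typed parameters.
' Returns the number of rows updated, or -1 if the input fails validation.
Function UpdateNewsTitle(conn, rawTitle, rawId)
    Dim re, cmd, title, idText, affected
    UpdateNewsTitle = -1
    title = "" & rawTitle          ' coerce Request values to a plain string
    idText = Trim("" & rawId)

    ' id must be 1 to 9 digits, so CLng cannot overflow or round
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If Not re.Test(idText) Then Exit Function
    ' title must fit the nvarchar(50) column and the declared parameter size
    If Len(title) > 50 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "update news set title=? where id=?"
    ' Parameters are matched to the ? markers by position, not by name
    cmd.Parameters.Append cmd.CreateParameter("title", adVarWChar, adParamInput, 50, title)
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(idText))
    cmd.Execute affected, , adExecuteNoRecords
    UpdateNewsTitle = affected
    Set cmd = Nothing
End Function

' Usage with form input (field names are assumptions):
'   rows = UpdateNewsTitle(conn, Request.Form("title"), Request.Form("id"))
'   If rows < 1 Then Response.Status = "400 Bad Request"
```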