Next we will introduce another method to prevent SQL injection attacks in ASP. This method is not only applicable in ASP, but can be used in any language that uses ADO object models to interact with databases, to be accurate, it is more appropriate to call the method of anti-SQL Injection Based on the ADO object model. Okay. Let's take a look at the code.
Copy codeThe Code is as follows: Dim conn, cmd
Set conn = server. createobject ("adodb. connection ")
Conn. Open "............ "'The database connection word is omitted here
Set cmd = server. createobject ("adodb. Command ")
Set upa = server. createobject ("adodb. Parameter ")
Cmd. ActiveConnection = conn
Cmd. CommandText = "update news set title =? Where id =? "
Cmd. CommandType = ad1_text
Set upa = cmd. CreateParameter ("title", adVarWChar, adParamInput, 50, "1 '2' 3 ")
Cmd. Parameters. Append HPA
Set upa = cmd. CreateParameter ("id", adInteger, adParamInput, 10)
Cmd. Parameters. Append HPA
Cmd. Execute
The id field of the news table is Integer, and the title field is nvarchar (50, the result of execution is to change the content of the title field of the record with the id field 10 in the news table to "1 '2' 3"