Home > Web Front-end > JS Tutorial > ASP SQL injection prevention method_jquery

ASP SQL injection prevention method_jquery

WBOY
Release: 2016-05-16 18:57:12
Original
1501 people have browsed it

Below we will introduce another method to prevent SQL injection attacks in ASP. This method is not only applicable in ASP, but can actually be used in any language that uses the ADO object model to interact with the database. To be precise, it is called ADO-based. The object model approach to preventing SQL injection may be more appropriate. Okay, without further ado, let’s take a look at the code

Copy the code The code is as follows:

Dim conn,cmd,pra
set conn=server.createobject("adodb.connection")
conn.Open "…………" 'The database connection word is omitted here

set cmd=server. createobject("adodb.Command")
set pra=server.createobject("adodb.Parameter")
cmd.ActiveConnection = conn

cmd.CommandText = "update news set title=? where id =?"
cmd.CommandType = adCmdText

Set pra = cmd.CreateParameter("title", adVarWChar, adParamInput, 50, "1'2'3")
cmd.Parameters. Append pra

Set pra = cmd.CreateParameter("id", adInteger, adParamInput, , 10)
cmd.Parameters.Append pra

cmd.Execute

The id field of the news table is of type Integer, and the title field is of type nvarchar(50). The result of the execution is to change the content of the title field of the record with the id field of 10 in the news table to "1'2'3 "
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template