<p>If you wanted to stick with Classic ASP then I would suggest creating a Database handling object via ASP Classes then just use that object to do your recordset creations. This would centralize your database handling code and make it so that you only have to handle SQL Injection attacks in a single location.</p>
<p>A simple example.</p>
<pre><code>Class clsDatabase

    Private Sub Class_Initialize()
        If Session("Debug") Then Response.Write "Database Initialized&lt;br /&gt;"
    End Sub

    Private Sub Class_Terminate()
        If Session("Debug") Then Response.Write "Database Terminated&lt;br /&gt;"
    End Sub

    ' Opens a read-only, client-side recordset for the filtered SQL text.
    ' The ad* constants come from adovbs.inc; Application("Data") holds the connection string.
    Public Function Run(SQL)
        Dim RS
        Set RS = CreateObject("ADODB.Recordset")
        RS.CursorLocation = adUseClient
        RS.Open SQLValidate(SQL), Application("Data"), adOpenKeyset, adLockReadOnly, adCmdText
        Set Run = RS
        Set RS = nothing
    End Function

    ' Removes a fixed list of tokens from the SQL text.
    ' Replace(..., 1, -1, 1): from position 1, all occurrences, case-insensitive.
    Public Function SQLValidate(SQL)
        SQLValidate = SQL
        SQLValidate = Replace(SQLValidate, "--", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, ";", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, "SP_", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, "@@", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, " DECLARE", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, "EXEC", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, " DROP", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, " CREATE", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, " GRANT", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, " XP_", "", 1, -1, 1)
        SQLValidate = Replace(SQLValidate, "CHAR(124)", "", 1, -1, 1)
    End Function

End Class
</code></pre>
<p>Then to use this you would change your calls to:</p>
<pre><code>Set oData = new clsDatabase
Set Recordset = oData.Run("SELECT field FROM table WHERE something = another")
Set oData = nothing
</code></pre>
<p>Of course you can expand the basic class to handle parametrized stored procedures or what not and more validations etc.</p>
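<p>The answer closes by mentioning parametrized calls; the sketch below is an added example, not the answerer's code, showing a parameterized counterpart to <code>Run</code> in which user input is bound through <code>ADODB.Command</code> and never concatenated into the SQL text. The names <code>clsDatabaseParam</code>, <code>RunParam</code> and <code>MakeParam</code> are hypothetical; it assumes <code>adovbs.inc</code> is included, <code>Application("Data")</code> holds the connection string as in the answer, and no bound value is Null.</p>

```vbscript
' Added example: hypothetical class, not part of the original answer.
' Assumes adovbs.inc supplies the ad* constants.
Class clsDatabaseParam

    ' SQL contains ? placeholders; Values is an array bound in placeholder order.
    Public Function RunParam(SQL, Values)
        Dim Cmd, RS, i
        Set Cmd = Server.CreateObject("ADODB.Command")
        Cmd.ActiveConnection = Application("Data")
        Cmd.CommandType = adCmdText
        Cmd.CommandText = SQL

        ' Each value travels to the provider as data, separate from the statement.
        For i = 0 To UBound(Values)
            Cmd.Parameters.Append MakeParam(Cmd, "p" & i, Values(i))
        Next

        Set RS = Server.CreateObject("ADODB.Recordset")
        RS.CursorLocation = adUseClient
        ' When the source is a Command, the connection argument is omitted.
        RS.Open Cmd, , adOpenStatic, adLockReadOnly
        Set RunParam = RS
        Set Cmd = Nothing
    End Function

    ' Picks an ADO type from the VBScript subtype; anything else binds as text.
    Private Function MakeParam(Cmd, Name, Value)
        Dim S, Size
        Select Case VarType(Value)
            Case vbInteger, vbLong
                Set MakeParam = Cmd.CreateParameter(Name, adInteger, adParamInput, , Value)
            Case vbDate
                Set MakeParam = Cmd.CreateParameter(Name, adDate, adParamInput, , Value)
            Case Else
                S = CStr(Value)
                Size = Len(S)
                If Size = 0 Then Size = 1   ' variable-length types need Size > 0
                Set MakeParam = Cmd.CreateParameter(Name, adVarWChar, adParamInput, Size, S)
        End Select
    End Function

End Class

' Usage: the request value is bound, not spliced into the statement.
Dim oData, Recordset
Set oData = New clsDatabaseParam
Set Recordset = oData.RunParam("SELECT field FROM table WHERE something = ?", _
                               Array(CStr(Request.QueryString("id"))))
Set oData = Nothing
```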
 
