ASP - Protect against SQL Injection - ADO Parameterized
How do I rewrite the code below to ADO Parameterized, to prevent SQL Injection?

strPartnername = Request.Form("txtUserID")
strPassword = Request.Form("txtPassword")
set Conn = Server.CreateObject("ADODB.connection")
Conn.Open lstrDBFile
Set rs = Server.CreateObject("ADODB.RecordSet")
strSQL = "Select * FROM MyTable WHERE (Partnername = '" & strPartnername & "') AND (Password = '" & strPassword & "')"
rs.Open strSQL, Conn, 1, 3
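
One way to write the query from the post with an ADODB.Command and positional parameters, as an added example that is not part of the original post. lstrDBFile, MyTable, the column names and the form fields are taken from the post; the 255-character column width, the MAX_LEN constant and the parameter names are assumptions.

```vbscript
' Added example: parameterized version of the login query from the post.
' ADO constants are written out in case adovbs.inc is not included.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const adOpenKeyset = 1
Const adLockOptimistic = 3
Const MAX_LEN = 255   ' assumed column width, adjust to the real schema

Dim strPartnername, strPassword, Conn, cmd, rs, blnLoginOk
strPartnername = Request.Form("txtUserID")
strPassword = Request.Form("txtPassword")
blnLoginOk = False

' Reject over-long input up front instead of letting ADO raise an error
' when a value does not fit the declared parameter size.
If Len(strPartnername) <= MAX_LEN And Len(strPassword) <= MAX_LEN Then
    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open lstrDBFile

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = adCmdText
    ' The SQL text is a constant; user input never becomes part of it.
    cmd.CommandText = "SELECT * FROM MyTable WHERE (Partnername = ?) AND (Password = ?)"

    ' Parameters are bound to the ? markers in the order they are appended.
    cmd.Parameters.Append cmd.CreateParameter("pPartnername", adVarChar, adParamInput, MAX_LEN, strPartnername)
    cmd.Parameters.Append cmd.CreateParameter("pPassword", adVarChar, adParamInput, MAX_LEN, strPassword)

    ' Same cursor and lock type as "rs.Open strSQL, Conn, 1, 3" in the post.
    ' The connection argument is omitted because the Command already holds it.
    Set rs = Server.CreateObject("ADODB.RecordSet")
    rs.Open cmd, , adOpenKeyset, adLockOptimistic

    blnLoginOk = Not rs.EOF   ' a row came back only if both values matched

    rs.Close
    Conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set Conn = Nothing
End If
```

A quote character in either form field is now compared as data against the column value and cannot change the structure of the WHERE clause.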