Long story short, I inherited an ASP project. I recently was subject to an SQL injection attack. I'm trying to update the search field that allowed the SQL attack.

I'm no ASP guru at all and would really appreciate any help anyone can give me on how to check the search term before it goes into my SQL select statement.

Are you concatenating strings to build your query? If so, switch to using parameters.

The previous guy did do that I believe. How do I use parameters?

Can you show some code you are using now?
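
For readers following the thread, here is an added example (not code from any poster) of what "using parameters" looks like for a search field. It assumes classic ASP (VBScript) with ADO against SQL Server. The `Application("ConnString")` setting, the `Products` table, its `ProductID` and `Name` columns, and the form field `q` are hypothetical names.

```vbscript
<%
' Added example, not the poster's code. Assumes classic ASP (VBScript) + ADO + SQL Server.
' Hypothetical names: Application("ConnString"), Products table, Name column, form field "q".
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const MAX_TERM_LEN = 50

Dim connString, term, conn, cmd, rs
connString = Application("ConnString")   ' assumed to be configured elsewhere
term = Trim(Request.Form("q"))

' Reject empty or oversized input before touching the database.
If Len(term) = 0 Or Len(term) > MAX_TERM_LEN Then
    Response.Write "Please enter a search term of 1 to " & MAX_TERM_LEN & " characters."
    Response.End
End If

' Escape LIKE wildcards so a user's [, % and _ match literally (SQL Server syntax).
' "[" must be escaped first because the other two replacements introduce brackets.
term = Replace(term, "[", "[[]")
term = Replace(term, "%", "[%]")
term = Replace(term, "_", "[_]")

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connString

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? is a placeholder: the value travels as data and is never spliced into the SQL text.
cmd.CommandText = "SELECT ProductID, Name FROM Products WHERE Name LIKE ?"
' Size allows for each character growing to three when escaped, plus the two % wildcards.
cmd.Parameters.Append cmd.CreateParameter("term", adVarWChar, adParamInput, _
    MAX_TERM_LEN * 3 + 2, "%" & term & "%")

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored markup is shown as text, not rendered as HTML.
    Response.Write Server.HTMLEncode(rs("Name") & "") & "<br>"
    rs.MoveNext
Loop

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```

The vulnerable pattern this replaces is a query built by concatenating `Request.Form("q")` directly into the `SELECT` string.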
