Comments on: Classic ASP (which IS still alive) - and parametised queries http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/ Just another WordPress weblog Sat, 22 Nov 2008 00:57:12 +0000 http://wordpress.org/?v=2.0.5 by: Gary Blazek http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-17 Mon, 03 Nov 2008 17:15:38 +0000 http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-17 Thanks for the info on parametrized queries in ASP classic. I was able to use your code examples without any problems. Thanks for the info on parametrized queries in ASP classic. I was able to use your code examples without any problems.

]]> by: mike http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-16 Tue, 12 Aug 2008 17:19:17 +0000 http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-16 Thanks for the nice article. There really isn't much info out there for classic asp. Is there a way to used this type of query and still be able to move through the recordset? I need to use the obj.movefirst on a page. Thanks again. Thanks for the nice article. There really isn’t much info out there for classic asp. Is there a way to used this type of query and still be able to move through the recordset? I need to use the obj.movefirst on a page. Thanks again.

]]> by: Ian http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-14 Fri, 27 Jun 2008 19:16:48 +0000 http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-14 Hi Ian. I believe you put single quotes around the @variable in place of the ? Hi Ian. I believe you put single quotes around the @variable in place of the ?

]]> by: Greg Brine http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-12 Sun, 15 Jun 2008 07:47:44 +0000 http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-12 Pete, you know I'm still a fan of ASP, and even though I changed my team over to .NET, I still argue that ASP is a faster language, it's just got a bad name because you can be lazy in it. Which is .NET's single greatest strength. Visual Studio may be lazy in the way it completes everything for you, but you have to code it right. One error and it'll fail. But, for the lazy coders, there's still ways to cut corners in it. And that gives a language a bad name. It's just more difficult. On our classic ASP sites, to strengthen them, we re-wrote the queries using a function that checks the type and length and converts it. Longer to write the function, but in use, it's shorter. And don't forget Stored Procedures! That, combined with good coding makes an unstoppable duo - and speeds data access up on repetitive queries. Greg P.S. We want more Pete blogs! Pete, you know I’m still a fan of ASP, and even though I changed my team over to .NET, I still argue that ASP is a faster language, it’s just got a bad name because you can be lazy in it.

Which is .NET’s single greatest strength. Visual Studio may be lazy in the way it completes everything for you, but you have to code it right. One error and it’ll fail.

But, for the lazy coders, there’s still ways to cut corners in it. And that gives a language a bad name. It’s just more difficult.

On our classic ASP sites, to strengthen them, we re-wrote the queries using a function that checks the type and length and converts it. Longer to write the function, but in use, it’s shorter.

And don’t forget Stored Procedures! That, combined with good coding makes an unstoppable duo - and speeds data access up on repetitive queries.

Greg

P.S. We want more Pete blogs!

]]> by: ASP.NET Debugging : SQL Injection and how to avoid it http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-11 Sun, 01 Jun 2008 04:59:53 +0000 http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-11 [...] SQL Injection Attack from the SWI team at Microsoft Preventing SQL Injections in ASP Filtering SQL Injection From Classic ASP Classic ASP which is still alive and parameterized queries ISAPI filter to protect against SQL Injection Michael Sutton's Blog on SQL Injection [...] […] SQL Injection Attack from the SWI team at Microsoft Preventing SQL Injections in ASP Filtering SQL Injection From Classic ASP Classic ASP which is still alive and parameterized queries ISAPI filter to protect against SQL Injection Michael Sutton’s Blog on SQL Injection […]

]]> by: Ian http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-10 Thu, 29 May 2008 12:23:05 +0000 http://www.nomadpete.com/2007/03/23/classic-asp-which-is-still-alive-and-parametised-queries/#comment-10 Hi Pete! I'm trying to do exactly what your tutorial is explaining, however I just cannot get it work correctly. I am encountering syntax errors at the question marks though. I've tried using named parameters also but I then get told I must declare the scalar variable. I'm not sure how where to from here and your tutorial (and http://prepared-statement.blogspot.com/) is the closest thing I can find to a how-to. You couldn't spare me a minute if you know what could be causing this? Any input is greatly appreciated! Hi Pete!

I’m trying to do exactly what your tutorial is explaining, however I just cannot get it work correctly.

I am encountering syntax errors at the question marks though. I’ve tried using named parameters also but I then get told I must declare the scalar variable. I’m not sure how where to from here and your tutorial (and http://prepared-statement.blogspot.com/) is the closest thing I can find to a how-to.

You couldn’t spare me a minute if you know what could be causing this?

Any input is greatly appreciated!

]]>