Coming from PHP, I have to do some sql cleanup on this 1000 file asp classic web-app without any prior knowledge of asp, and before I get to hacking away at it I’d like to be aware of any major gotchas to watch out for while coding in asp classic/sql parameter preparing/making asp whitespace modifications. What are some good quick overview resources, and what should I watch out for?
1. I would create a function that encapsulates all or most of data access. In previous projects, I have created a `GetRecordset` function that takes a SQL statement and returns a Recordset instance. In the function, I open the database, execute the query, close the database and return the recordset. This ensures that connections get closed.

2. I would create a function for cleaning parameters to a SQL statement, or even better, use parameterized queries. In code where I did not want to rewrite queries and thus was using concatenation, the function I would use required a `vbVarType` parameter so that I can verify that the value passed is of the type indicated and to ensure that dates are put in a format that is not specific to the culture of the server.

3. I would search for instances of a single quote followed by a double quote. Here you are looking for `Select ... Where StringOrDateCol = '" & Request.QueryString("GodKnowsWhat") & ...`

4. Even with all of that, you will not catch everything. For example, you would not catch `Select ... Where NumericCol = " & Request.QueryString("GodKnowsWhat")`. The final search might be to search on `Select`, `Update`, `Insert` and `Delete` and inspect each SQL statement to ensure it uses the function you created in #2 above.
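An added example (not code from the answer or from the asker's app) of the `GetRecordset`-style helper from point 1, built on parameterized ADODB queries as point 2 recommends, with the concatenation pattern from points 3 and 4 shown beside it for comparison. `ConnString`, the `Customers` table and the query-string names are assumed.

```vbscript
<%
Option Explicit
' Added example, not from the answer: a GetRecordset-style helper that takes a
' parameterized SQL statement plus an array of Array(adType, size, value)
' descriptors, so caller code never concatenates request input into SQL.
' ConnString, the Customers table and the query-string names are assumed.
Const ConnString = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=AppDb;Integrated Security=SSPI;"

' ADODB constants (same values as adovbs.inc) so this file stands alone
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202, adInteger = 3
Const adUseClient = 3, adOpenStatic = 3, adLockReadOnly = 1

Function GetRecordset(sql, params)
    Dim conn, cmd, rs, i
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open ConnString
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For i = 0 To UBound(params)   ' one typed input parameter per "?" placeholder
        cmd.Parameters.Append cmd.CreateParameter("p" & i, params(i)(0), adParamInput, params(i)(1), params(i)(2))
    Next
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.CursorLocation = adUseClient          ' client cursor: rows survive closing the connection
    rs.Open cmd, , adOpenStatic, adLockReadOnly
    Set rs.ActiveConnection = Nothing        ' disconnect, then close as the answer describes
    conn.Close
    Set GetRecordset = rs
End Function

' Before (the pattern point 3 greps for, plus the numeric one point 4 says it misses):
'   "... WHERE Name = '" & Request.QueryString("name") & "' AND Id > " & Request.QueryString("minId")
' After: values travel as typed parameters, so a quote in the input is just data,
' and the numeric value is type-checked first, in the spirit of the vbVarType check in point 2.
Dim minId, rs
If Not IsNumeric(Request.QueryString("minId")) Then
    Response.Status = "400 Bad Request" : Response.End
End If
minId = CLng(Request.QueryString("minId"))
Set rs = GetRecordset("SELECT Id, Name FROM Customers WHERE Name = ? AND Id > ?", _
    Array(Array(adVarWChar, 100, CStr(Request.QueryString("name"))), Array(adInteger, 0, minId)))
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("Name") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
%>
```

Once every query goes through this helper, the grep from point 4 (`Select`, `Update`, `Insert`, `Delete`) becomes a check that each statement passes an `Array(...)` of parameters rather than concatenated strings.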