SELECT, INSERT, UPDATE, and DELETE Statements in ASP Using Parameters, in the Combat Against SQL & XSS Injection
Article Entry Date: May 12, 2022 @ 01:04:28 / Last Updated On: December 11, 2023 @ 07:16:04
It does not matter which coding language you use, whether ASP Classic, ASP.NET, PHP, or another: when it comes to SQL and XSS injection, we are all at risk.
Thanks to R_Harrison from EE for his great information about XSS prevention.


    This Demonstration will show you how to do the following:
  1. [CSS] (We will show you how to build a Table using CSS Attributes instead of HTML, which makes for a better and cleaner page and source code)
  2. [SELECT] (In this Demo, we will loop through the records and show you how to get all the records to show to the page)
  3. [INSERT] (Insert records to the database using SQL)
  4. [UPDATE] (After we retrieve the records from the database, we will choose the one we want to update)
  5. [DELETE] (We will get the records from the database and generate a ListMenu to select the record(s) we want to Delete)
  6. [Parameterized Queries] ([To prevent SQL Injection])
  7. [XSS Prevention] ([To prevent XSS Injection])
  8. ProtectSQL and ReverseSQL (Custom script by Wayne Barron, to help combat SQL & XSS Injection.)
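
The pattern behind items 6 and 7, as an added example that is not the article's ACN.asp or setRecords.asp code: a parameterized INSERT and SELECT through ADODB.Command, with Server.HTMLEncode applied when records are written to the page. The Articles table, its columns, the form and query field names, and the connection string are assumptions made for illustration.

```asp
<%
Option Explicit
' Added example, not the article's code. Assumed (hypothetical) names:
' table Articles(ArticleID, Title, Body), form fields "title"/"body", query field "q".
Const adCmdText = 1, adParamInput = 1, adExecuteNoRecords = 128   ' ADO constants (adovbs.inc)
Const adVarWChar = 202, adLongVarWChar = 203

Dim conn, cmd, rs, title, body, search
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "YOUR_CONNECTION_STRING"   ' placeholder

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    title = Left(Trim(Request.Form("title")), 200)
    body = Request.Form("body")

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? markers are bound in the order appended; the values travel as data
    ' and are never concatenated into the SQL text.
    cmd.CommandText = "INSERT INTO Articles (Title, Body) VALUES (?, ?)"
    cmd.Parameters.Append cmd.CreateParameter("@Title", adVarWChar, adParamInput, 200, title)
    cmd.Parameters.Append cmd.CreateParameter("@Body", adLongVarWChar, adParamInput, Len(body) + 1, body)
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End If

' SELECT with a parameterized LIKE filter, then loop through the records.
search = "%" & Left(Request.QueryString("q"), 200) & "%"
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT ArticleID, Title, Body FROM Articles WHERE Title LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("@q", adVarWChar, adParamInput, 202, search)
Set rs = cmd.Execute

Do Until rs.EOF
    ' Encode at output time so stored markup is displayed as text instead of
    ' being interpreted as HTML. The & "" turns a Null column into an empty string.
    Response.Write "<div class=""row""><span>" & Server.HTMLEncode(rs("Title") & "") & "</span>" & _
                   "<span>" & Server.HTMLEncode(rs("Body") & "") & "</span></div>"
    rs.MoveNext
Loop

rs.Close : Set rs = Nothing
Set cmd = Nothing
conn.Close : Set conn = Nothing
%>
```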

    History of this script.
  1. December 8, 2009, to show how to insert and update Textarea formatting into the MemoField of a database
  2. July 27, 2012, to show how to prevent [XSS] and [SQL Injections] within a single Global Function called: [ProtectSQL()]
  3. January 11, 2016, to use jQuery to allow users to stay on the same page when inserting data.
    Changed the page layout to be in Columns instead of Rows.
    Changed the Form to use the Submit button as the trigger inside our setRecords.asp page.

    Major Updates to code
  1. May 12, 2022 - Changed script to work with SQL Server for new site design.
  2. May 12, 2022 - Within the ACN.asp page, you will see a Function called: [ReverseSQL]. We use this Function to Reverse the Protected Function [protectSQL()], so you can then edit your original writing within a textarea or input field. It is strongly recommended you use the [protectSQL()] in all your [Classic ASP pages] to help protect your site and code from malicious hacking attempts.
  3. May 24, 2022 - Swapped the original [AJAX] script out for a newer AJAX script. The older script caused issues with [Character Accents]: it would garble the characters or replace them with the diamond question mark. This was found early in the morning on May 24, 2022, the same day this was published, while developing the Coding Source admin page script.
  4. May 24, 2022 - With the new [AJAX] script, I also had to replace the [Submit] button with another button with a JavaScript trigger to a Hidden Field.