I need a function for VBScript / classic ASP that returns a recordset based on parameterized SQL for SQL Server 2000.
The goal is to use this function to simplify the creation of parameterized queries for SQL Server 2000 in order to prevent SQL injection.
The function input should look something like this:
An example of the call:
Set rs = getRsPar("SELECT id FROM products WHERE prodname=@par1 AND prodbrand=@par2", Array("Laptop", "HP"), Array("str", "str"), adOpenForwardOnly, adLockReadOnly)
I don't know if the above is correct, but it illustrates the idea. If you have a better idea, you are welcome to present it.
The connect variable is simply named "connect".
The important thing is that this is not "solved" by filtering.
The function must be well written and easy to follow because it will be used with other functions. All internal variables must be declared etc.
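
One way to write the function described above, as an added example that is not part of the original post. It assumes that "connect" is an already open ADODB.Connection object, that only the type names "str" and "int" are needed, and that the text @parN never appears inside a quoted literal in the SQL; ADO constants are written as numbers with their names in comments so the block does not depend on adovbs.inc.

```vbscript
' Added example: returns a recordset for a statement that uses @par1, @par2, ...
' Assumes "connect" is an open ADODB.Connection (assumption, see lead-in).
Function getRsPar(sql, values, types, cursorType, lockType)
    Dim cmd, rs, re, matches, m, idx, textValue, par

    If UBound(values) <> UBound(types) Then
        Err.Raise vbObjectError + 1, "getRsPar", "values/types length mismatch"
    End If

    ' Find every @parN marker in the order it appears in the statement.
    Set re = New RegExp
    re.Pattern = "@par(\d+)"
    re.Global = True
    re.IgnoreCase = True
    Set matches = re.Execute(sql)

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = connect
    cmd.CommandType = 1                    ' adCmdText
    ' ADO text commands bind by position, so each marker becomes "?".
    cmd.CommandText = re.Replace(sql, "?")

    ' Append one parameter per marker, in marker order, so a reused or
    ' out-of-order @parN still receives the value it names.
    For Each m In matches
        idx = CLng(m.SubMatches(0)) - 1    ' @par1 -> values(0)
        If idx < 0 Or idx > UBound(values) Then
            Err.Raise vbObjectError + 2, "getRsPar", "no value for " & m.Value
        End If
        Select Case LCase(types(idx))
            Case "str"
                textValue = CStr(values(idx))
                ' 200 = adVarChar, 1 = adParamInput; size must be at least 1
                Set par = cmd.CreateParameter("", 200, 1, Len(textValue) + 1, textValue)
            Case "int"
                ' 3 = adInteger; CLng raises an error on non-numeric input
                Set par = cmd.CreateParameter("", 3, 1, 4, CLng(values(idx)))
            Case Else
                Err.Raise vbObjectError + 3, "getRsPar", "unknown type " & types(idx)
        End Select
        cmd.Parameters.Append par
    Next

    Set rs = Server.CreateObject("ADODB.Recordset")
    ' The connection comes from cmd, so the ActiveConnection argument stays empty.
    rs.Open cmd, , cursorType, lockType
    Set getRsPar = rs
End Function
```

The values are sent to SQL Server as typed parameters and are never concatenated into the statement text, so no filtering or quote escaping of the input is involved.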