I am currently creating a site in ASP. The site uses a backend SQL database to deal with requests to and from the ASP pages.
I have previously used the following code to connect to my SQL databases. My question is, is this a recommended way to connect to a SQL database with ASP? Is it vulnerable to anything such as a code injection attack?
Is there another way which is recommended which could make the query of the database better?
objConnection.Open "Provider=sqloledb;" & _
"Data Source=IPaddress;" & _
"Initial Catalog=username;" & _
"User Id=username;" & _
Example Query :
strSQL = "SELECT * FROM table Where emanus = '" & us_e_un & "'"
SET chk_rslt = objConnection.Execute (strSQL)
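
The query in the post builds its SQL text by concatenating `us_e_un`, so the value is parsed as part of the statement. The following is an added example, not part of the original post, showing the same lookup with an ADO parameterized command; it assumes `objConnection` is already open as in the post, and the form field name and the 50-character column width are hypothetical.

```vbscript
<%
' Added example (not from the original post). Assumes objConnection is already
' open as in the post. Field name and column width below are assumptions.

' ADO constants, defined here in case adovbs.inc is not included.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

' Assumed maximum width of the emanus column; adjust to the real schema.
Const MAX_NAME_LEN = 50

Dim cmd, chk_rslt
us_e_un = Request.Form("username")   ' hypothetical form field name

' Reject empty or over-long input before it reaches the database.
If Len(us_e_un) = 0 Or Len(us_e_un) > MAX_NAME_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = objConnection
cmd.CommandType = adCmdText

' The ? placeholder keeps the value out of the SQL text. "table" and "emanus"
' are the placeholder names used in the post.
cmd.CommandText = "SELECT * FROM table WHERE emanus = ?"
cmd.Parameters.Append cmd.CreateParameter("emanus", adVarChar, adParamInput, MAX_NAME_LEN, us_e_un)

' The provider sends us_e_un as data, so a quote character in it
' cannot end the string literal or add SQL of its own.
Set chk_rslt = cmd.Execute

If chk_rslt.EOF Then
    Response.Write "No matching row."
Else
    Response.Write "Match found."
End If

chk_rslt.Close
Set chk_rslt = Nothing
Set cmd = Nothing
%>
```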