Good morning,
I am modifying a website written in classic ASP, and I need to make changes to it to implement certain security measures until we move to a more current version. One of the things I have been asked to do is to parameterize the SQL. The problem is that I have been running tests and I have not managed to get any value back. The code I created is the following:
Set rs = server.createobject("ADODB.Recordset")
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open cab_db
Set miCom = Server.CreateObject("ADODB.Command")
Set miCom.Activeconnection = Conn
miCom.commandText="select valor as prueba from tabla1 where upper(valor) like '@pru' and valor2= pac_web.f_encriptapwd('@pru2') and fbaja is null"
miCom.Parameters.Append miCom.CreateParameter("@pru",200,1 ,200,ucase(valorEntrada))
miCom.Parameters.Append miCom.CreateParameter("@pru2",200,1 ,200,valorEntrada2)
'response.write(param)
'response.write(param1)
response.write(miCom.commandText)
'Response.Write("Llega")
rs.Open miCom
if not rs.eof then
psperson = rs(0)
response.write(psperson)
end if
The problem I have is that it does not return any error message and I cannot find the fault. Can anybody help me? Thanks in advance.
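
An added example, not part of the original post: the same query written with ADO's positional `?` markers, which is how an `ADODB.Command` of type text binds parameters. It assumes `cab_db`, `valorEntrada` and `valorEntrada2` are defined earlier in the page as in the post, and that the provider in use accepts `?` markers.

```vbscript
' Added example. cab_db, valorEntrada and valorEntrada2 come from the post
' and are assumed to be defined earlier in the page.
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1

Dim Conn, miCom, rs, psperson
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open cab_db

Set miCom = Server.CreateObject("ADODB.Command")
Set miCom.ActiveConnection = Conn
miCom.CommandType = adCmdText

' Placeholders are bare question marks: no quotes, no names.
' A quoted '@pru' is an ordinary string literal, so the original query
' compared valor against the text "@pru" itself and matched no rows.
miCom.CommandText = "select valor as prueba from tabla1 " & _
    "where upper(valor) like ? " & _
    "and valor2 = pac_web.f_encriptapwd(?) " & _
    "and fbaja is null"

' Parameters bind by position, in the order they are appended.
' The name passed to CreateParameter is not matched against the SQL text.
miCom.Parameters.Append miCom.CreateParameter("pru", adVarChar, adParamInput, 200, UCase(valorEntrada))
miCom.Parameters.Append miCom.CreateParameter("pru2", adVarChar, adParamInput, 200, valorEntrada2)

Set rs = miCom.Execute
If Not rs.EOF Then
    psperson = rs(0)
    ' Encode on output so a stored value cannot inject markup into the page.
    Response.Write Server.HTMLEncode(psperson & "")
End If

rs.Close
Conn.Close
Set rs = Nothing
Set miCom = Nothing
Set Conn = Nothing
```

With no `%` in the bound value, `like ?` behaves as an exact match; any `%` or `_` in the input is still treated as a wildcard by the database.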