I've parameterized my开发者_Go百科 queries in my Classic ASP app, but am unsure whether I need to sanitize or scrub free text fields or if the parameterization is sufficient to prevent injection.
If you use parametrized queries, you're safe against SQL injection attacks.
But not for XSS attacks; some user could to insert HTML content (think about <script>, <object> tags) into your database and, at some page, another user get that potentially malicious code executed.
Not all sql stored procs are injection safe
http://palisade.plynt.com/issues/2006Jun/injection-stored-procedures/
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论