I am basically a .NET programmer and I know very little about old ASP. Now, we do not have time to convert it to .NET. The application is pretty big and has lots of embedded SQL inside the code. We fear SQL injections. What are the options I have now?
1. Accumulate all those SQLs in a COM DLL (?)
2. Is it possible to parametrize queries?
3. Any other solution?
Sample code will be appreciated. Thanks in advance.
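
An added example, not part of the original post, showing how embedded SQL in a classic ASP page can be parameterized in place with `ADODB.Command`, next to the concatenated form it replaces. The `Customers` table, its columns, the form field names and the `Application("ConnectionString")` entry are assumptions made for illustration.

```vbscript
<%
Option Explicit

' ADO constants, normally pulled in from adovbs.inc; declared here so the page stands alone.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200

Dim conn, cmd, rs, re, city, minOrders

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnectionString")   ' assumption: connection string kept in Application state

city = Request.Form("city")                 ' untrusted input (hypothetical field name)
minOrders = Request.Form("minOrders")       ' untrusted input (hypothetical field name)

' Vulnerable pattern typical of embedded SQL: input is concatenated into the statement text.
'   sql = "SELECT CustomerId, Name FROM Customers WHERE City = '" & city & "'"
'   Set rs = conn.Execute(sql)

' Validate the numeric field before converting it, so CLng cannot fail or overflow.
Set re = New RegExp
re.Pattern = "^\d{1,6}$"
If Not re.Test(minOrders) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Parameterized form: the SQL text is a constant and the values travel as typed parameters.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT CustomerId, Name FROM Customers WHERE City = ? AND OrderCount >= ?"

' The ? markers are bound by position, so append parameters in the order they appear.
cmd.Parameters.Append cmd.CreateParameter("@city", adVarChar, adParamInput, 50, Left(city, 50))
cmd.Parameters.Append cmd.CreateParameter("@minOrders", adInteger, adParamInput, , CLng(minOrders))

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored data cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("Name") & "") & "<br>"
    rs.MoveNext
Loop

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```

The same `ADODB.Command` pattern works for `INSERT`, `UPDATE` and stored procedure calls, so each embedded query can be converted where it sits without first moving the SQL into a COM DLL.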