I configured my queries in my classic ASP application, but I'm not sure if I need to sanitize or clean up the free text fields or if the parameterization is enough to prevent injections.
Not all SQL stored procedures are injection-safe.
http://palisade.plynt.com/issues/2006Jun/injection-stored-procedures/
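An added illustration of the stored-procedure point above (not from the original answer or the linked article), assuming Microsoft SQL Server; the table and procedure names are hypothetical. A procedure that concatenates its argument into dynamic SQL stays injectable even when the ASP page binds that argument as a parameter, while `sp_executesql` with its own parameter list, or a static query, does not.

```sql
-- Constructed example: table, procedure and parameter names are hypothetical.
CREATE TABLE dbo.Comments (
    Id     INT IDENTITY PRIMARY KEY,
    Author NVARCHAR(50)  NOT NULL,
    Body   NVARCHAR(400) NOT NULL
);
GO

-- Injectable even when the caller binds @Author as a parameter:
-- the value is concatenated into a string that is then executed as SQL.
CREATE PROCEDURE dbo.SearchComments_Unsafe
    @Author NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Author, Body FROM dbo.Comments WHERE Author = '''
        + @Author + N'''';
    EXEC (@sql);
END
GO

-- Same dynamic query, but the value stays a parameter all the way down:
-- sp_executesql receives the statement text and the value separately.
CREATE PROCEDURE dbo.SearchComments_Safe
    @Author NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Author, Body FROM dbo.Comments WHERE Author = @a';
    EXEC sys.sp_executesql @sql, N'@a NVARCHAR(50)', @a = @Author;
END
GO

-- No dynamic SQL at all: the simplest safe form.
CREATE PROCEDURE dbo.SearchComments_Static
    @Author NVARCHAR(50)
AS
BEGIN
    SELECT Id, Author, Body FROM dbo.Comments WHERE Author = @Author;
END
GO
```

When reviewing existing procedures, searching their bodies for `EXEC (` or `sp_executesql` next to string concatenation is a quick way to find the first pattern.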
If you use parameterized queries, you are protected against SQL injection attacks.
XSS; HTML- ( <script>, <object>) , .
Source: https://habr.com/ru/post/1729462/