Preventing SQL Injection in legacy application

gio1314

New Member
I am working on an extremely old application. Our company requires all hosted applications be in conformance to current security standards. I don't have much experience in either of these languages besides what I get from trying to read this code. I have already taken care of the XSS vulnerabilities and am now working on SQL Injection. I want to modify the code as little as possible. FYI, we are connecting to an Oracle DB.

[code]
conn_String = "DRIVER=Microsoft ODBC for Oracle;UID=asdf;PWD=asdf;SERVER=asdf"
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open conn_string
sql = "SELECT Name FROM SomeSchema.SomeTable WHERE id =" & someVariable
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open sql, conn
[/code]

I have found several solutions, but they are basically all for SQL Server databases, and the ones I have found for Oracle can only support 1 parameter. How do I tackle SQL injection in classic asp.net/ado.net for an Oracle database? Thanks
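An added example, not part of the original post: the same query bound through an `ADODB.Command` with ODBC's positional `?` markers, extended to two parameters. The request parameter names `id` and `status`, the `Status` column, and its length of 20 are assumptions made for illustration; the connection string and table name are the placeholders from the post.

```vbscript
<%
' Added example (not the poster's code): parameterized form of the query.
' ADO constants are declared here because classic ASP does not load adovbs.inc by default.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200

Dim conn, cmd, rs, re, idValue, statusValue

' Assumption: the inputs arrive as request parameters named "id" and "status".
idValue = CStr(Request("id"))
statusValue = Left(CStr(Request("status")), 20)

' Allow-list check: 1 to 9 digits only, so CLng below cannot overflow or fail.
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(idValue) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DRIVER=Microsoft ODBC for Oracle;UID=asdf;PWD=asdf;SERVER=asdf"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText

' The SQL text is a constant. Each ? is bound in the order the parameters
' are appended; the names given to CreateParameter are labels only.
cmd.CommandText = "SELECT Name FROM SomeSchema.SomeTable WHERE id = ? AND Status = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(idValue))
cmd.Parameters.Append cmd.CreateParameter("status", adVarChar, adParamInput, 20, statusValue)

' Values travel to the driver as bound data, never as part of the SQL string.
Set rs = cmd.Execute
Do Until rs.EOF
    ' HTML-encode on output so stored data cannot reintroduce XSS.
    Response.Write Server.HTMLEncode(rs("Name") & "") & "<br>"
    rs.MoveNext
Loop

rs.Close
conn.Close
%>
```

Because the markers are positional, adding a third condition means adding a third `?` and a third `Parameters.Append` call in the matching position.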