We fixed any SQL injection holes in our code probably 10 years ago now. If you attach a page that you think has SQL injection vulnerabilities then I can take a look and tell you if there are any and how to fix them. In general all webassist code should be secure, but hand editing can lead to security holes. The code you included doesn't have any vulnerability. SQL injections occur when form posts or url parameters are used directly in a recordset or insert/update statement. This allows someone to "inject" additional SQL code into the query. We prevent this using a variety of methods, but I can take a look at pages you think have issues and tell you if they do and where.