use like:
Set rs = execute_query(conn, "SELECT custid, custname FROM customers WHERE (somefield > ?) AND (someotherfield < ?)", Array(someValue, someOtherValue));
where conn is a "ADODB.Connection"
Function create_variant_input_parameter(command, name, value) Dim param ' 12 -> adVariant ' 1 -> adParamInput Set param = command.CreateParameter(name, 12, 1, 0, value) Set create_variant_input_parameter = param End Function Function execute_query(connection, querytext, parameters) Dim cmd, i, rs Set cmd = Server.CreateObject("ADODB.Command") cmd.CommandText = querytext ' 1 -> adCmdText cmd.CommandType = 1 For i = 0 To UBound(parameters) cmd.Parameters.Append(create_variant_input_parameter(cmd, "", parameters(i))) Next Set cmd.ActiveConnection = connection Set rs = cmd.Execute() Set execute_query = rs End Function