I've parameterized my queries in my Classic ASP app, but am unsure whether I need to sanitize or scrub free text fields or if the parameterization is sufficient to prevent
Not all SQL stored procs are injection safe.
http://palisade.plynt.com/issues/2006Jun/injection-stored-procedures/
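
An added example (not from the original post or the linked article) of the point the answer makes, assuming SQL Server T-SQL and a hypothetical `dbo.Customers` table and procedure names: a procedure called with a bound parameter is still injectable if it concatenates that parameter into dynamic SQL, while static SQL or `sp_executesql` with its own parameter keeps the value as data.

```sql
-- Hypothetical table for illustration. GO is the sqlcmd/SSMS batch separator.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    LastName   NVARCHAR(100) NOT NULL
);
GO

-- UNSAFE: the caller binds @LastName as a parameter, but the procedure
-- pastes it into a string and executes that string, so the value becomes
-- part of the statement text. Parameterizing the call does not help here.
CREATE PROCEDURE dbo.SearchCustomers_Unsafe
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT CustomerId, LastName FROM dbo.Customers '
             + N'WHERE LastName = ''' + @LastName + N'''';
    EXEC (@sql);
END
GO

-- SAFE: static SQL. The parameter is only ever compared as a value.
CREATE PROCEDURE dbo.SearchCustomers_Static
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, LastName FROM dbo.Customers WHERE LastName = @LastName;
END
GO

-- SAFE when dynamic SQL is really needed: values go through sp_executesql
-- parameters; identifiers (which cannot be parameters) are checked against
-- an allow-list and wrapped with QUOTENAME before concatenation.
CREATE PROCEDURE dbo.SearchCustomers_Dynamic
    @LastName   NVARCHAR(100),
    @SortColumn SYSNAME = N'LastName'
AS
BEGIN
    SET NOCOUNT ON;
    IF @SortColumn NOT IN (N'LastName', N'CustomerId')
    BEGIN
        RAISERROR(N'Invalid sort column.', 16, 1);
        RETURN;
    END
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, LastName FROM dbo.Customers WHERE LastName = @p '
      + N'ORDER BY ' + QUOTENAME(@SortColumn) + N';';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(100)', @p = @LastName;
END
GO
```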