SQL injection on Classic ASP pages with parameterized queries: text fields

孤城傲影 2021-01-14 15:35

I've parameterized my queries in my Classic ASP app, but am unsure whether I need to sanitize or scrub free text fields or if the parameterization is sufficient to prevent

2 answers
  •  情话喂你
    2021-01-14 16:03

    If you use parametrized queries, you're safe against SQL injection attacks.

    But not for XSS attacks; some user could insert HTML content (think about
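
The split the answer describes, shown as an added example (not code from the question or the answer): the free-text value is bound as a parameter when written, and HTML-encoded only when rendered. The `Comments` table, its `Id` and `Body` columns, the `comment` form field and the `Application("ConnString")` setting are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adExecuteNoRecords = 128
Const MAX_BODY = 4000              ' assumed column size: Body NVARCHAR(4000)

Dim conn, cmd, rs, comment
' Free text is stored as typed; no quote stripping or keyword filtering.
comment = Left(Request.Form("comment") & "", MAX_BODY)

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString") ' assumption: connection string kept in Application state

' Write path: the value is sent as a typed parameter, so quotes, semicolons
' and comment markers inside it are data and never become part of the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "INSERT INTO Comments (Body) VALUES (?)"
cmd.Parameters.Append cmd.CreateParameter("@body", adVarWChar, adParamInput, MAX_BODY, comment)
cmd.Execute , , adExecuteNoRecords

' Read path: the stored text may contain markup, so encode it at output time.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Body FROM Comments ORDER BY Id DESC"
Set rs = cmd.Execute

Do Until rs.EOF
    ' & "" turns a NULL column into an empty string before encoding.
    Response.Write "<p>" & Server.HTMLEncode(rs("Body") & "") & "</p>"
    rs.MoveNext
Loop

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
%>
```

`Server.HTMLEncode` fits HTML element content as used here; a value placed in a URL or inside a script block needs the encoding for that context instead.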
