GLAZTECH WEBSITE - PAGES WITH IN-LINE SQL TO CONVERT TO STORED PROCS
=====================================================================

These are the spots in the LIVE site (D:\web\glaztech_4) that build SQL by
stitching text together (the quo() helper). Converting each of these to a stored
procedure / parameters is what closes the SQL-injection exposure. It's a
mechanical, repetitive change - no redesign.

- 80 call sites across 15 live files (line numbers below).
- The duplicate copies under Old_bin\ and Old_code\ are NOT in this list (not the
  live code) - those can just be removed during your dead-page cleanup.
- Suggested order: the payment / order / quote pages first (that's where customer
  input flows), then the rest.
- Test each page after converting it.
- online-payment-old.aspx.vb looks like a legacy page - if it's one of the dead
  ones you're removing, just delete it rather than fixing it.

COUNT PER FILE
--------------
  15  ach.aspx.vb
  14  customer-login\online-payment-pnc.aspx.vb
  14  customer-login\online-payment-ach-na.aspx.vb
  12  customer-login\quote-detail.aspx.vb
  12  customer-login\order-detail.aspx.vb
   2  quick-pay.aspx.vb
   2  quick-pay-ach.aspx.vb
   2  quick-pay-pnc.aspx.vb
   1  customer-login\Order-acknowledgements.aspx.vb
   1  customer-login\order-acknowledgements-approval.aspx.vb
   1  customer-login\online-payment-old.aspx.vb
   1  customer-login\settings.aspx.vb
   1  customer-login\CustomExportPdf.aspx.vb
   1  gs\appearance-makeup.aspx.vb
   1  gs\performance-makeup.aspx.vb

FULL LIST (file : line numbers)
-------------------------------
ach.aspx.vb: 224, 276, 277, 278, 279, 280, 282, 283, 284, 285, 286, 634, 671, 1246, 1248
customer-login\online-payment-pnc.aspx.vb: 1151, 1326, 1383, 1384, 1385, 1386, 1387, 1389, 1390, 1391, 1392, 1394, 1593, 1629
customer-login\online-payment-ach-na.aspx.vb: 1208, 1388, 1444, 1445, 1446, 1447, 1448, 1450, 1451, 1452, 1453, 1454, 1653, 1692
customer-login\quote-detail.aspx.vb: 96, 97, 98, 101, 102, 103, 286, 288, 310, 312, 1625, 1627
customer-login\order-detail.aspx.vb: 113, 114, 115, 118, 119, 120, 299, 301, 321, 323, 1712, 1714
quick-pay.aspx.vb: 880, 882
quick-pay-ach.aspx.vb: 888, 890
quick-pay-pnc.aspx.vb: 656, 658
customer-login\Order-acknowledgements.aspx.vb: 384
customer-login\order-acknowledgements-approval.aspx.vb: 39
customer-login\online-payment-old.aspx.vb: 1152
customer-login\settings.aspx.vb: 167
customer-login\CustomExportPdf.aspx.vb: 564
gs\appearance-makeup.aspx.vb: 211
gs\performance-makeup.aspx.vb: 175

Note: quo() is defined per-page (each page has its own local copy), so once a
page's call sites are converted you can remove that page's quo() definition.

- Arizona Computer Guru
