Old post, but if you're using SQL Server it would look something like this...
Code:
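<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%
// Raw value from the query string (untrusted input)
string MyVar = Request.QueryString["MyVar_url"];
// ...
// using blocks dispose the connection, command and reader even if something throws
using (SqlConnection sqlConn = new SqlConnection(connectionString))
using (SqlCommand cmd = new SqlCommand("SELECT * FROM users WHERE user_id = @MyVar", sqlConn))
{
    // Bind the value as a typed parameter; it is never concatenated into the SQL text
    cmd.Parameters.Add("@MyVar", SqlDbType.Int).Value = int.Parse(MyVar);
    sqlConn.Open();
    using (SqlDataReader result = cmd.ExecuteReader())
    {
        // Read rows from result here, while the connection is still open
    }
}
%>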
Of course, much-needed exception handling is missing, but it should give you a general idea of how it could be done.
