How do you know you're able to use SQL injection. Do you get errors in the ASP file while entering 'wrong' code such as quotes.
The way I try to use SQL Injection:
Type quotes in an input field
If you see some SQL Server errors
you can mess with the database or leave a gental message (mostly in a new table) to attend the DB Admin that his DB is very bad secured.
I don't know if this can help you,
If not, please reply your problem more specific
Every web application, ASP or not, needs to "sanitize" the data that is typed into each and every input field. This means removing unprintable characters, converting quotes to \" or whatever, checking the length and so-on.
You can write, or find, a pretty good Visual Basic function to do that. But you have to remember to do that, for each and every input.
Lots of web-pages simply don't get tested by "nasty testers" who are trying to make it break. They are "tested" by the same folks who wrote them, who obviously are getting tired of the work and don't really want to discover "one more bug."