ASP illegal-character filter function for SQL injection prevention

Date: 2009-07-03  Editor: 简简单单  Source: 一聚教程网


' Reject the request when the value of any query-string parameter contains
' a blacklisted character or keyword.
Dim Fy_Url, Fy_a, Fy_x, Fy_y, Fy_Cl, Fy_Pos, Fy_Val, Fy_Words, Fy_Hit

On Error Resume Next

Fy_Url = Request.ServerVariables("QUERY_STRING")
Fy_a = Split(Fy_Url, "&")
ReDim Fy_Cs(UBound(Fy_a))

' Collect the parameter names (the text before "=" in each name=value pair).
' Pairs without "=" are skipped instead of making Left() fail on a length of -1.
For Fy_x = 0 To UBound(Fy_a)
 Fy_Pos = InStr(Fy_a(Fy_x), "=")
 If Fy_Pos > 1 Then Fy_Cs(Fy_x) = Left(Fy_a(Fy_x), Fy_Pos - 1)
Next

' Substrings that cause the request to be rejected (matched case-insensitively).
Fy_Words = Array("'", "and", "select", "update", "chr", " ", ";", "insert", "mid", "master.", "delete", "from", "exec", "xp_cmdshell", "user", "net")

For Fy_x = 0 To UBound(Fy_Cs)
 If Fy_Cs(Fy_x) <> "" Then
  Fy_Val = LCase(Request(Fy_Cs(Fy_x)))
  Fy_Hit = False
  For Fy_y = 0 To UBound(Fy_Words)
   If InStr(Fy_Val, Fy_Words(Fy_y)) <> 0 Then Fy_Hit = True
  Next
  If Fy_Hit Then
   ' Fy_Cl selects the response written on a match. It is never assigned in
   ' this listing, so no Case runs and the request simply ends.
   Select Case Fy_Cl
     Case "1"
   Response.Write ""
     Case "2"
   Response.Write ""
     Case "3"
   Response.Write ""
   End Select
   Response.End
  End If
 End If
Next
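
The filter above blocks requests by substring (it rejects any value containing a space, or words such as "net" and "user") and only looks at parameters named in the query string, so it is not a substitute for keeping values out of the SQL text. As an added example (not part of the original listing), here is a page that reads two parameters with a type check and an ADO parameterized command. The connection string, the Articles table and its columns, and the id and author parameter names are assumptions.

```vbscript
<%
Option Explicit

' ADO constants, values as defined in adovbs.inc
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202

' Assumption: placeholder connection string; the Articles table and its
' Id, Title and Author columns are hypothetical.
Const CONN_STR = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=DemoDb;Integrated Security=SSPI;"

' Type check for a numeric parameter: digits only, at most 9 of them,
' so CLng cannot overflow. Returns -1 when the value is not acceptable.
Function ToArticleId(raw)
  Dim re
  Set re = New RegExp
  re.Pattern = "^[0-9]{1,9}$"
  If re.Test(raw) Then ToArticleId = CLng(raw) Else ToArticleId = -1
End Function

Dim id, author, conn, cmd, rs
id = ToArticleId(Request.QueryString("id") & "")
author = Left(Request.QueryString("author") & "", 50)

If id < 0 Then
  Response.Status = "400 Bad Request"
  Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? markers are bound in order; the values never become SQL text,
' so quotes, spaces or words such as "and" in author are plain data.
cmd.CommandText = "SELECT Title FROM Articles WHERE Id = ? AND Author = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , id)
cmd.Parameters.Append cmd.CreateParameter("@author", adVarWChar, adParamInput, 50, author)

Set rs = cmd.Execute
Do Until rs.EOF
  Response.Write Server.HTMLEncode(rs("Title") & "") & "<br>"
  rs.MoveNext
Loop

rs.Close : conn.Close
%>
```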
