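A simple ASP function to guard against SQL injection
A simple ASP function to guard against SQL injection. This is all very simple, and I believe everyone will be able to follow it!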
<%
' Returns ParaName unchanged if it is numeric or contains none of the
' listed keywords; otherwise writes an alert and ends the response.
Function sqlzr(ParaName)
    Dim lowered, keywords, i
    If ParaName <> "" Then
        ' Numeric input is returned as-is
        If IsNumeric(ParaName) = True Then
            sqlzr = ParaName
            Exit Function
        End If
        ' Case-insensitive substring match against the keyword list
        lowered = LCase(ParaName)
        keywords = Array("select ", "insert ", "delete from", "count(", _
            "drop table", "update ", "truncate ", "asc(", "mid(", "char(", _
            "xp_cmdshell", "exec master", "net localgroup administrators", _
            " and ", "net user", " or ")
        For i = 0 To UBound(keywords)
            If InStr(lowered, keywords(i)) > 0 Then
                Response.Write "<script language='javascript'>"
                Response.Write "alert('非法的请求!');" ' message text: "Illegal request!"
                Response.Write "</script>"
                Response.End
            End If
        Next
        sqlzr = ParaName
    End If
End Function

' Example call: the string contains no listed keyword, so it is echoed back
Response.Write sqlzr("dfgdgfh")
%>
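The function above only rejects the strings it lists. For comparison, this added example (not code from the original post) binds the input as an ADODB.Command parameter, so the value is sent separately from the SQL text and needs no keyword filter. The `users` table, its `id` and `name` columns, and the `Application("ConnString")` connection string are assumptions.

```asp
<%
' Added example, not from the original post. Assumptions: a "users" table with
' "id" and "name" columns, and a connection string in Application("ConnString").
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200

' Builds a text command on an open connection
Function NewCommand(conn, sql)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    Set NewCommand = cmd
End Function

' String lookup: the value is bound to "?", never concatenated into the SQL
Function FindUserByName(conn, userName)
    Dim cmd
    Set cmd = NewCommand(conn, "SELECT id, name FROM users WHERE name = ?")
    cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, adParamInput, 50, Left(userName & "", 50))
    Set FindUserByName = cmd.Execute
End Function

' Numeric lookup: accept 1 to 9 digits only, convert, then bind as an integer
Function FindUserById(conn, rawId)
    Dim re, cmd
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If Not re.Test(rawId & "") Then
        Set FindUserById = Nothing   ' caller treats Nothing as a rejected request
        Exit Function
    End If
    Set cmd = NewCommand(conn, "SELECT id, name FROM users WHERE id = ?")
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId & ""))
    Set FindUserById = cmd.Execute
End Function

Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")
Set rs = FindUserById(conn, Request.QueryString("id"))
If rs Is Nothing Then
    Response.Status = "400 Bad Request"
Else
    ' Encode on output so stored data is not rendered as markup
    If Not rs.EOF Then Response.Write Server.HTMLEncode(rs("name").Value & "")
    rs.Close
End If
conn.Close
%>
```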
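This article comes from 小古Blog. When reposting, please credit the source and include the corresponding link.
Permalink to this article: http://blog.chdz1.com/?post=131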