小古Blog
A simple ASP function to defend against SQL injection
2012-1-4 小古

A simple ASP function to defend against SQL injection. It is all very straightforward, and I'm sure everyone can follow it!

<%
' sqlzr: returns the parameter unchanged when it is numeric or contains none of
' the listed SQL / command fragments; otherwise it shows a browser alert and
' ends the response. Matching is done on a lower-cased copy, so it is
' case-insensitive, and the keyword list is a blocklist (it only catches what
' is enumerated here).
Function sqlzr(ParaName)
  Dim s
  s = LCase(ParaName)
  If ParaName <> "" Then
    If IsNumeric(ParaName) = True Then
      sqlzr = ParaName
      Exit Function
    ElseIf Instr(s, "select ") > 0 Or Instr(s, "insert ") > 0 _
        Or Instr(s, "delete from") > 0 Or Instr(s, "count(") > 0 _
        Or Instr(s, "drop table") > 0 Or Instr(s, "update ") > 0 _
        Or Instr(s, "truncate ") > 0 Or Instr(s, "asc(") > 0 _
        Or Instr(s, "mid(") > 0 Or Instr(s, "char(") > 0 _
        Or Instr(s, "xp_cmdshell") > 0 Or Instr(s, "exec master") > 0 _
        Or Instr(s, "net localgroup administrators") > 0 _
        Or Instr(s, " and ") > 0 Or Instr(s, "net user") > 0 _
        Or Instr(s, " or ") > 0 Then
      ' A listed fragment was found: tell the user and stop processing.
      Response.Write "<script language='javascript'>"
      Response.Write "alert('非法的请求!');"
      Response.Write "</script>"
      Response.End
    Else
      sqlzr = ParaName
    End If
  Else
    ' Empty input: return an empty string.
    sqlzr = ""
  End If
End Function

' Usage: a harmless value passes through unchanged.
Response.Write sqlzr("dfgdgfh")
%>
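The function above filters keywords, but the query it protects is still built by string concatenation, so its safety rests on the blocklist being complete. As an added example that is not part of the original post, the following classic ASP page handles the same two cases (a text value and a numeric id) with ADODB.Command parameterized queries, so the input is bound as data and never parsed as SQL. The connection string, the users table and its columns are assumptions.

```vbscript
<%
' Added example (not from the original post): parameterized queries with
' ADODB.Command in classic ASP. CONN_STRING, the "users" table and its
' "id"/"username" columns are assumptions for this example.
Const CONN_STRING = "Provider=SQLOLEDB;Data Source=.;Initial Catalog=demo;Integrated Security=SSPI"
Const adCmdText = 1, adParamInput = 1, adVarChar = 200, adInteger = 3

' Opens a connection (returned through the ByRef argument) and a Command on it.
Function OpenCmd(conn)
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open CONN_STRING
    Set OpenCmd = Server.CreateObject("ADODB.Command")
    Set OpenCmd.ActiveConnection = conn
    OpenCmd.CommandType = adCmdText
End Function

' Text input: bound as a parameter, so "select", " or ", quotes etc. stay data.
Function UserExists(ByVal name)
    Dim conn, cmd, rs
    Set cmd = OpenCmd(conn)
    cmd.CommandText = "SELECT 1 FROM users WHERE username = ?"
    cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, adParamInput, 50, name)
    Set rs = cmd.Execute
    UserExists = Not rs.EOF
    rs.Close: conn.Close
End Function

' Numeric input: require plain digits (IsNumeric alone also accepts forms such
' as "1e3" or "&H1F"), convert explicitly, and bind as an integer.
Function UserNameById(ByVal idText)
    Dim re, conn, cmd, rs
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If Not re.Test(idText) Then
        UserNameById = ""
        Exit Function
    End If
    Set cmd = OpenCmd(conn)
    cmd.CommandText = "SELECT username FROM users WHERE id = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, 4, CLng(idText))
    Set rs = cmd.Execute
    If rs.EOF Then UserNameById = "" Else UserNameById = rs("username")
    rs.Close: conn.Close
End Function

' HTML-encode on output so a stored value cannot inject script into the page.
Response.Write Server.HTMLEncode(UserNameById(Request.QueryString("id")))
%>
```

With the value bound through CreateParameter, the driver sends it separately from the SQL text, so the keyword list is no longer what the query's correctness depends on.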
