在这里也不做说明了,大家也应该会用的!
<%
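' sqlzr1 - keyword-blacklist check for a request parameter value.
'
' Parameter:
'   ParaName - the value to inspect. Despite the name, it is the value that is
'              checked, not the name of a parameter.
' Returns:
'   ParaName unchanged when IsNumeric accepts it, or when its lower-cased form
'   contains none of the blacklisted tokens.
' Side effects:
'   On a match the function writes a JavaScript alert to the response and calls
'   Response.End, so it never returns and the rest of the page is not executed.
'
' Security notes:
'   - A substring blacklist is a secondary check, not a defence against SQL
'     injection on its own. Queries built from request data should use
'     parameterised ADODB.Command objects, with this filter at most as an
'     additional layer.
'   - IsNumeric accepts more than plain digits (for example "1e5" or "&H1F").
'     A value that must be an integer should be converted with CLng (or
'     similar) by the caller before it is used in a query.
'   - Matching is by substring, so ordinary text such as "updated", "created"
'     or a name containing an apostrophe is rejected as well.
Function sqlzr1(ParaName)
    Dim loweredValue, blockedList, blockedTokens, idx

    If IsNumeric(ParaName) Then
        ' Fix: the original assigned to "SafeRequest" here, which is not this
        ' function's name, so numeric input came back as Empty.
        sqlzr1 = ParaName
        Exit Function
    End If

    loweredValue = LCase(ParaName)
    blockedList = "select|insert|delete|union|join|script|applet|object|'|drop|update|truncate|create|xp_cmdshell|exec|alter|cast|rename|modify"
    blockedTokens = Split(blockedList, "|")

    For idx = 0 To UBound(blockedTokens)
        ' The literal value "module" is exempted, as in the original. None of
        ' the current tokens occurs in "module", so the exemption has no effect
        ' with this list.
        If InStr(loweredValue, blockedTokens(idx)) > 0 And loweredValue <> "module" Then
            ' Generic rejection message ("Illegal request!"). The matched token
            ' is deliberately not reported to the client.
            Response.Write "<script language='javascript'>"
            Response.Write "alert('非法的请求!');"
            Response.Write "</script>"
            Response.End
        End If
    Next

    sqlzr1 = ParaName
End Function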
' Demo call: the sample value contains none of the blacklisted tokens, so
' sqlzr1 returns it unchanged and it is written to the page.
' NOTE(review): sqlzr1 does not HTML-encode its result and its token list does
' not include "<" or ">". When the argument comes from the request, pass the
' result through Server.HTMLEncode before writing it to the response.
Response.Write sqlzr1("gdhrhrhj")
%>