asp sql安全过滤及防注入程序代码

'**************************************************
'函数名：ReplaceBadChar
'作  用：过滤非法的SQL字符
'参  数：strChar-----要过滤的字符
'返回值：过滤后的字符
'**************************************************
function ReplaceBadChar(strChar)
 if strChar="" then
  ReplaceBadChar=""
 else
  ReplaceBadChar=replace(replace(replace(replace(replace(replace(replace(replace(strChar,"'",""),"*",""),"?",""),"(",""),")",""),"<",""),".",""),"%","")
 end if
end function

'**************************************************
'函数名：CheckBadChar
'作  用：检查非法字符
'参  数：strChar-----要检查的字符
'返回值：检查后的字符 有非法的为True
'作  者: designed by jeanun
'**************************************************
function CheckBadChar(strChar)
  if Instr(strChar,"=")>0 or Instr(strChar,"%")>0 or Instr(strChar,"?")>0 or Instr(strChar,"&")>0 or Instr(strChar,";")>0 or Instr(strChar,",")>0 or Instr(strChar,"'")>0 or Instr(strChar,",")>0 or Instr(strChar,chr(34))>0 or Instr(strChar,chr(9))>0 or Instr(strChar,"$")>0 then
   CheckBadChar = true
  else
   CheckBadChar = false
  end if
end function

'**************************************************
'函数名：SafeRequest
'作  用：安全的Request,只能取得[数字]
'参  数：strChar-----字段名称
'返回值：检查后的读取字符
'作  者: designed by jeanun
'**************************************************
function SafeRequest(strChar)
 strChar = Trim(Request(""& strChar &""))
 if CheckBadChar(strChar) = True Or IsNumeric(strChar) = False then
  Response.Write("")
  Response.End()
 else
  SafeRequest = strChar
 end if
end function