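Function SafeRequest(ParaName,ParaType)
'--- Parameters ---
'ParaName: name of the request parameter (string)
'ParaType: parameter type (number): 1 = the value must be an integer, 0 = the value is a string
'Returns : the request value as a string.
'          ParaType=1: the trimmed value when it is an optional sign followed by
'          digits only; otherwise the response is redirected to error.asp?f=isdgt
'          (Response.Redirect ends the response, so nothing is returned).
'          Otherwise: the value with single quotes doubled and the legacy keyword
'          list stripped.
'NOTE: quote doubling only escapes a value for use INSIDE a single-quoted SQL
'string literal. The keyword list is a best-effort legacy filter, not a defense:
'it cannot cover every spelling and it mangles ordinary text that happens to
'contain those tokens. Queries should bind values through ADODB.Command
'parameters rather than rely on this function.
Dim ParaValue, Pattern, IntCheck
'"" & x coerces an absent parameter (Empty) to an empty string
ParaValue = "" & Request(ParaName)
If ParaType = 1 Then
    'IsNumeric also accepts hex (&H10), exponent (1e3) and currency forms, so a
    'strict sign-plus-digits pattern is used instead; surrounding whitespace is
    'dropped before the check and from the returned value
    ParaValue = Trim(ParaValue)
    Set IntCheck = New RegExp
    IntCheck.Pattern = "^-?\d+$"
    If Not IntCheck.Test(ParaValue) Then
        Response.Redirect("error.asp?f=isdgt")
    End If
Else
    'double single quotes first so the token removals below operate on the
    'already-escaped value and cannot leave an unpaired quote
    ParaValue = Replace(ParaValue, "'", "''")
    'Legacy keyword list, unchanged from the original. Matching is
    'case-insensitive (vbTextCompare): the original Replace was binary
    '(case-sensitive), so any mixed-case spelling passed through untouched.
    'The "%20" forms only match a value that still contains a literal "%20"
    'after Request() URL-decoded it (i.e. double-encoded input); they never
    'match a plain space.
    For Each Pattern In Array("select%20", "insert%20", "delete%20from", "count(", _
            "drop%20table", "update%20", "truncate%20", "asc(", "mid(", "char(", _
            "xp_cmdshell", "exec%20master", "net%20localgroup%20administrators", _
            "net%20user", "%20or%20")
        'remove the token outright; the original substituted "''", which put a
        'doubled quote into the value instead of simply dropping the token
        ParaValue = Replace(ParaValue, Pattern, "", 1, -1, vbTextCompare)
    Next
End If
SafeRequest = ParaValue
End Function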