非法字符替换，防SQL注入(asp)

'===============================
'函数名：CheckStr(byVal ChkStr)
'作用：非法字符替换，防SQL注入
'=============================== 
Function CheckStr(byVal ChkStr)
 Dim Str:Str=ChkStr
 Str=Trim(Str)
 If IsNull(Str) Then
  CheckStr = ""
  Exit Function
 End If
 Dim re
 Set re=new RegExp
 re.IgnoreCase =True
 re.Global=True
 re.Pattern="(/r/n){3,}"
 Str=re.Replace(Str,"$1$1$1")
 Set re=Nothing  'net localgroup administrators
 Str = Replace(Str,"net localgroup administrators","net localgroup administrators")
 Str = Replace(Str,"exec%20master.dbo.xp_cmdshell","exec%20master.dbo.xp_cmdshell")
 Str = Replace(Str,"/add","/add")
 Str = Replace(Str,"xp_cmdshell","xp_cmdshell")
 Str = Replace(Str,"net user","net user")
 Str = Replace(Str,"'","''")
 Str = Replace(Str, "select", "select")
 Str = Replace(Str, "join", "join")
 Str = Replace(Str, "union", "union")
 Str = Replace(Str, "where", "where")
 Str = Replace(Str, "insert", "insert")
 Str = Replace(Str, "delete", "delete")
 Str = Replace(Str, "update", "update")
 Str = Replace(Str, "like", "like")
 Str = Replace(Str, "drop", "drop")
 Str = Replace(Str, "create", "create")
 Str = Replace(Str, "modify", "modify")
 Str = Replace(Str, "rename", "rename")
 Str = Replace(Str, "alter", "alter")
 Str = Replace(Str, "cast", "cast")
 CheckStr=Str
End Function