这样的防注函数,能杜绝注入吗?该如何解决

这样的防注函数,能杜绝注入吗?另外,整站都没有用cookiesfunctionnoSql(str)strrequest(str)strlcase(Tri

这样的防注函数,能杜绝注入吗?
另外,整站都没有用cookies
function   noSql(str)

str   =   request(str)
str   =   lcase(Trim(str))
str   =   Replace(str,   Chr(0),   " ")
str   =   Replace(str,   " ' ",   " ")
str   =   Replace(str,   "% ",   " ")
str   =   Replace(str,   "^ ",   " ")
str   =   Replace(str,   "; ",   " ")
str   =   Replace(str,   "* ",   " ")
str   =   Replace(str,   "& ",   " ")
str   =   Replace(str,   " < ",   " ")
str   =   Replace(str,   "> ",   " ")
str   =   Replace(str,   "| ",   " ")
str   =   Replace(str,   "and ",   " ")
str   =   Replace(str,   "chr ",   " ")
str   =   Replace(str,   "char ",   " ")

noSql   =   str
end   function


[解决办法]
整站用存储过程访问数据库最保险
[解决办法]
没那么夸张,其实你只需要在最底层使用参数化查询就行了。绝对安全。