判断输入字符串中是否含有危险字符

Sub StopInjection(Values)
    Dim regEx
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Global = True
    regEx.Pattern = "'|;|#|([\s\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b+]*)"
    Dim sItem, sValues
    For Each sItem In Values
        sValue = Values(sItem)
        If regEx.Test(sValue) Then
            Response.Write "<script>alert('很抱歉，您提交的内容中含有危险字符，致使本次操作无效！');"
            Response.End()
        End If
    Next
    Set RegEx = Nothing
End Sub