asp get和post数据接收过滤

<%
'--------定义部份------------------
dim xh_post,xh_get,xh_in,xh_inf,xh_xh,xh_db,xh_dbstr
'自定义需要过滤的字串,用 "|" 分隔
xh_in = "'|;|and|exec|insert|select|delete%20from|update|count|*|%|chr|mid|master|truncate|char|declare|drop%20table|from|net%20user|xp_cmdshell|/add|net%20localgroup%20administrators|asc|char"
'----------------------------------
%>
<%
xh_inf = split(xh_in,"|")
'--------post部份------------------
if request.form<>"" then
for each xh_post in request.form
for xh_xh=0 to ubound(xh_inf)
if instr(lcase(request.form(xh_post)),xh_inf(xh_xh))<>0 then
response.write "<script language=javascript>alert('请不要在参数中包含非法字符尝试注入！');</script>"
response.write "非法操作！系统做了如下记录↓<br>"
response.write "操作ｉｐ："&request.servervariables("remote_addr")"<br>"
response.write "操作时间："&now"<br>"
response.write "操作页面："&request.servervariables("url")"<br>"
response.write "提交方式：ｐｏｓｔ<br>"
response.write "提交参数："&xh_post"<br>"
response.write "提交数据："&request.form(xh_post)
response.end
end if
next
next
end if
'----------------------------------
'--------get部份-------------------
if request.querystring<>"" then
for each xh_get in request.querystring
for xh_xh=0 to ubound(xh_inf)
if instr(lcase(request.querystring(xh_get)),xh_inf(xh_xh))<>0 then
response.write "<script language=javascript>alert('请不要在参数中包含非法字符尝试注入！');</script>"
response.write "非法操作！系统做了如下记录↓<br>"
response.write "操作ｉｐ："&request.servervariables("remote_addr")"<br>"
response.write "操作时间："&now"<br>"
response.write "操作页面："&request.servervariables("url")"<br>"
response.write "提交方式：ｇｅｔ<br>"
response.write "提交参数："&xh_get"<br>"
response.write "提交数据："&request.querystring(xh_get)
response.end
end if
next
next
end if
'----------------------------------
%>