sql 防止GET方法注入
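<%
' GET-parameter blocklist filter (server-side include).
' Every query-string parameter name and value is scanned for the tokens below.
' On a hit the response shows a JS alert, the request is recorded in depotcom
' and the response ends. The list is a coarse heuristic (it also rejects
' legitimate values containing e.g. ',' or '!'); the primary defence remains
' parameterised queries in the pages that use Conn.
sql_GetDatas = "{|}|[|]|\|:|'|;|<|>|,|`|~|!|$|%|^|(|)|insert|select|delete|update|count|*|%|%20|truncate|declare"

' One connection string shared by the audit insert and the page connection.
' PLACEHOLDER: fill in server / login / database for the deployment.
' NOTE(review): this logs in as sa with an inline password; use a
' least-privileged login and keep the secret outside the web root.
sql_ConnStr = "Provider=SQLOLEDB.1;Persist Security Info=False;Server=127.0.0.1;User ID=sa;Password=SA密码;Database=数据库名称;"

' Appends a Unicode text input parameter to cmd.
'   cmd       - ADODB.Command the parameter is added to
'   paramName - parameter name (positional binding is used; name is for readability)
'   value     - any value; converted to a string with & so Empty/Null become ""
' ADODB rejects a variable-length parameter of size 0, so an empty string is
' declared with size 1.
Sub sql_AddTextParam(cmd, paramName, value)
    Dim textValue, textSize
    textValue = CStr(value & "")
    textSize = Len(textValue)
    If textSize < 1 Then textSize = 1
    ' 202 = adVarWChar, 1 = adParamInput
    cmd.Parameters.Append cmd.CreateParameter(paramName, 202, 1, textSize, textValue)
End Sub

' Returns the absolute URL of the current request, rebuilt from server
' variables (scheme + HTTP_HOST + PATH_INFO, plus "?" + QUERY_STRING when
' present). HTTP_HOST is a client-supplied header and QUERY_STRING is the
' raw, undecoded input -- the result is untrusted data.
Function sql_RequestUrl()
    Dim scheme, fullUrl, rawQuery
    scheme = "http://"
    ' IIS sets HTTPS to "on" for TLS requests; record the real scheme.
    If LCase(Request.ServerVariables("HTTPS") & "") = "on" Then scheme = "https://"
    fullUrl = scheme & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("PATH_INFO")
    rawQuery = Request.ServerVariables("QUERY_STRING")
    If rawQuery <> "" Then fullUrl = fullUrl & "?" & rawQuery
    sql_RequestUrl = fullUrl
End Function

' Records a rejected request in depotcom(depotipds, logontime, path).
'   connStr - ADO connection string
'   fullUrl - URL of the rejected request (contains the flagged input)
' Opens and closes a dedicated connection; any ADO error propagates to the
' caller, as the original inline insert did.
Sub sql_LogBlockedRequest(connStr, fullUrl)
    Dim logConn, cmd
    Set logConn = Server.CreateObject("ADODB.Connection")
    logConn.Open connStr
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = logConn
    cmd.CommandType = 1 ' adCmdText
    ' fullUrl carries the very input that tripped the filter, so it is bound
    ' as a parameter rather than concatenated into the statement.
    cmd.CommandText = "insert into depotcom(depotipds,logontime,path) values(?,?,?)"
    sql_AddTextParam cmd, "depotipds", Request.ServerVariables("REMOTE_ADDR")
    sql_AddTextParam cmd, "logontime", Now()
    sql_AddTextParam cmd, "path", fullUrl
    cmd.Execute
    Set cmd = Nothing
    logConn.Close
    Set logConn = Nothing
End Sub

If Request.QueryString <> "" Then
    sql_Strs = Split(sql_GetDatas, "|")
    For Each sql_FilerStr In Request.QueryString
        ' Inspect the parameter name as well as its value; "=" is not in the
        ' token list, so joining them cannot create a false match.
        sql_Probe = CStr(sql_FilerStr) & "=" & CStr(Request.QueryString(sql_FilerStr))
        For i = 0 To UBound(sql_Strs)
            ' vbTextCompare: the keyword tokens are lowercase, so match
            ' case-insensitively instead of only their exact spelling.
            If InStr(1, sql_Probe, sql_Strs(i), vbTextCompare) > 0 Then
                Response.Write "<Script Language=javascript>alert('no special characters');history.back(-1)</Script>"
                sql_LogBlockedRequest sql_ConnStr, sql_RequestUrl()
                Response.End
            End If
        Next
    Next
End If

' Page connection: create it only when the including page has not already
' supplied one. Test with IsObject first -- comparing an object variable to
' "" raises a runtime error (VBScript does not short-circuit, hence the
' nested If).
If Not IsObject(Conn) Then
    If Conn = "" Then
        Set Conn = Server.CreateObject("ADODB.Connection")
        Conn.Open sql_ConnStr
    End If
End If
%>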
