Defense against attacks ASP injection code

These days, the SQL injection vulnerability has hurt me, and the online code is too complicated and difficult. Finally, I found the omnipotent anti-injection code and shared it. The operation is easy to use. You only need to include or put it in conn. asp. At the end, it is estimated that there are still some dangerous characters that are not fully loaded. Please complete them for me. Thank you!

<%
''' -------- Define part ------------------
Dim fy_post, fy_get, fy_in, fy_inf, fy_xh, fy_db, fy_dbstr
'''': Specifies the string to be filtered, which is separated by "anti-DDoS ".
Fy_in = "''' defense; anti-and anti-exec anti-insert anti-select anti-delete anti-update anti-count anti-* anti-CHR anti-mid anti-master anti-truncate anti-Char anti-declare anti <anti> Anti-= anti |- defense _"
Fy_inf = Split (fy_in, "anti-DDoS ")
If request. Form <> "" then
For each fy_post in request. Form
For fy_xh = 0 to ubound (fy_inf)
If instr (lcase (request. Form (fy_post), fy_inf (fy_xh) <> 0 then
Response. write "<script language = JavaScript> alert. I am a cainiao, so be afraid of it. Just put it away! Leave a message '''); </SCRIPT>"
Response. Write "illegal operation! This site has made the following record for you <br>"
Response. Write "Operation IP:" & request. servervariables ("remote_addr") & "<br>"
Response. Write "operation time:" & now & "<br>"
Response. Write "Operation page:" & request. servervariables ("url") & "<br>"
Response. Write "submission method: Post <br>"
Response. Write "Submit parameters:" & fy_post & "<br>"
Response. Write "submit data:" & request. Form (fy_post)
Response. End
End if
Next
Next
End if
If request. querystring <> "then
For each fy_get in request. querystring
For fy_xh = 0 to ubound (fy_inf)
If instr (lcase (request. querystring (fy_get), fy_inf (fy_xh) <> 0 then
Response. write "<script language = JavaScript> alert. I am a cainiao, so be afraid of it. Just put it away! Leave a message '''); </SCRIPT>"
Response. Write "illegal operation! This site has made the following record for you <br>"
Response. Write "Operation IP:" & request. servervariables ("remote_addr") & "<br>"
Response. Write "operation time:" & now & "<br>"
Response. Write "Operation page:" & request. servervariables ("url") & "<br>"
Response. Write "submission method: Get <br>"
Response. Write "Submit parameters:" & fy_get & "<br>"
Response. Write "submit data:" & request. querystring (fy_get)
Response. End
End if
Next
Next
End if
%>