<%
'On Error Resume Next

' Entry point: forward a literature download request to the ASP.NET handler.
' Request("...") without a collection name searches QueryString, Form, Cookies,
' ClientCertificate and ServerVariables in that order, so the value may arrive
' through any of them and must be treated as untrusted.
Dim Literature_ID
Literature_ID = Request("Literature_ID")

' Redirect only when a value is present and it passes the coarse filter.
' The filter sees an upper-cased copy; the value forwarded is the original one.
' The target path is a fixed relative URL and the ID is URL-encoded, so the
' caller cannot steer the redirect to another host or add query parameters.
' NOTE(review): chkSQLScript is a keyword blocklist, not a SQL-injection
' defence. DownloadLit.aspx is not visible here; it should validate lit_id
' itself and use parameterized queries. TODO confirm.
' When the value is missing or rejected nothing is written by this block.
If Literature_ID <> "" Then
    If chkSQLScript(UCase(Literature_ID)) Then
        Response.Redirect "../Download/DownloadLit.aspx?lit_id=" & Server.URLEncode(Literature_ID)
    End If
End If
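' chkSQLScript: coarse pre-filter for a request value that will later reach SQL.
'
' Parameters:
'   strSQL - the candidate value (passed ByVal, never modified for the caller).
' Returns:
'   True  when the value is at most 20 characters long and contains none of
'         the listed keywords or separators;
'   False otherwise.
'
' The keyword comparison is done on an upper-cased copy, so the result does not
' depend on the caller remembering to normalise case first.
'
' This is a substring blocklist and is inherently incomplete. Use it only as an
' extra layer; the code that consumes the value must still validate its format
' and use parameterized queries.
Function chkSQLScript(ByVal strSQL)
    ' Declared explicitly: undeclared names in a procedure bind to any
    ' page-level variable of the same name, so a loop counter here could
    ' otherwise overwrite one used by an including page.
    Dim aryDangerWords, strCandidate, idx

    chkSQLScript = True

    '------- check length --------
    If Len(strSQL) > 20 Then
        chkSQLScript = False
        Exit Function
    End If

    '------- check danger words ------
    ' Keywords carry a trailing space, so only "keyword followed by a space"
    ' is matched; ";" and "," are matched anywhere in the value.
    strCandidate = UCase(strSQL)
    aryDangerWords = Array("SELECT ", "UNION ", "INSERT ", "UPDATE ", "DELETE ", _
                           "OR ", "EXEC ", "DECLARE ", "TRUNCATE ", "DROP ", _
                           "SHUTDOWN ", ";", ",", "TABLE ")

    For idx = 0 To UBound(aryDangerWords)
        If InStr(strCandidate, aryDangerWords(idx)) > 0 Then
            chkSQLScript = False
            Exit Function
        End If
    Next
End Function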
%>