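<%
' Legacy redirect shim: when the request carries a Literature_ID value that
' passes chkSQLScript, the client is redirected to the ASP.NET download page
' with that value URL-encoded into the lit_id query parameter.

'On Error Resume Next

Dim Literature_ID

' NOTE(review): Request("...") without a collection name searches QueryString,
' Form, Cookies, ClientCertificate and ServerVariables in turn. Confirm which
' source callers really use and name that collection explicitly.
Literature_ID = Request("Literature_ID")

If Literature_ID <> "" And chkSQLScript(Literature_ID) Then
    ' The original-case value is forwarded; Server.URLEncode keeps it confined
    ' to the lit_id parameter of the target URL.
    Response.Redirect "../Download/DownloadLit.aspx?lit_id=" & Server.URLEncode(Literature_ID)
End If

' chkSQLScript: best-effort screening of a request value before it is handed on.
'
' Parameters:
'   strSQL - the value to screen (passed ByVal, so the caller's copy is untouched).
' Returns:
'   True  when the value is at most 20 characters long and contains none of
'         the listed keywords or separator characters;
'   False otherwise.
'
' SECURITY NOTE(review): a keyword denylist is not a reliable SQL injection
' control. It can reject legitimate values (for example a word ending in "OR"
' followed by a space) and it cannot enumerate every dangerous input. Treat it
' as defence in depth only. The handler behind DownloadLit.aspx is not visible
' here and must bind lit_id as a query parameter rather than concatenating it
' into SQL. Once the real Literature_ID format is confirmed, replace this
' denylist with an allow-list of the expected characters.
Function chkSQLScript(ByVal strSQL)
    ' Declared locally so the function cannot read or overwrite script-level
    ' variables of the same name in a page that includes this code.
    Dim bSQL, aryDangerWords, I

    ' InStr below does a case-sensitive comparison against upper-case keywords.
    ' Normalise here instead of relying on every caller to upper-case first.
    strSQL = UCase(strSQL)

    bSQL = True

    '------- check length --------
    If Len(strSQL) > 20 Then
        bSQL = False
    End If

    '------- check danger words ------
    If bSQL Then
        ' The duplicate "DELETE " entry from the original list has been removed.
        aryDangerWords = Array("SELECT ", "UNION ", "INSERT ", "UPDATE ", "DELETE ", _
                               "OR ", "EXEC ", "DECLARE ", "TRUNCATE ", "DROP ", _
                               "SHUTDOWN ", ";", ",", "TABLE ")

        For I = 0 To UBound(aryDangerWords)
            If InStr(strSQL, aryDangerWords(I)) > 0 Then
                bSQL = False
                Exit For
            End If
        Next
    End If

    chkSQLScript = bSQL
End Function
%>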