SQL数据库注入防范 ASP.NET Globle警告

在项目中的Global.asax页面代码中加下面的代码，就可以有效的防范简单的SQL注入。

protected void Application_BeginRequest(Object sender, EventArgs e)
  {
         string Sql_1 = "exec |insert+ |select+ |delete |update |count |chr |mid |master+|truncate |char |declare |drop+ |drop+table |creat+ |creat+table |'+ |>=+|<+|>+|==+|-|'|;";
   string Sql_2 = "exec+ |insert+ |delete+ |update+ |count( |count+ |chr+ |+mid( |+mid+ |+master+ |truncate+ |char+ |+char( |declare+ |drop+ |creat+ |drop+table |creat+table";
   string[] sql_c = Sql_1.Split('|');
   string[] sql_c1 = Sql_2.Split('|');
   if (Request.QueryString != null)
   {
    foreach (string sl in sql_c)
    {
     if (Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >= 0)
     {
      Response.Write("警告！你的IP已经被记录!");//
      Response.Write(sl);
      Response.Write(Request.QueryString.ToString());
      Response.End();
      break;
     }
    }
   }
   if (Request.Form.Count > 0)
   {
    string s1 = Request.ServerVariables["SERVER_NAME"].Trim();//服务器名称
    if (Request.ServerVariables["HTTP_REFERER"] != null)
    {
     string s2 = Request.ServerVariables["HTTP_REFERER"].Trim();//http接收的名称
     string s3 = "";
     if (s1.Length > (s2.Length - 7))
     {
      s3 = s2.Substring(7);
     }
     else
     {
      s3 = s2.Substring(7, s1.Length);
     }
     if (s3 != s1)
     {
      Response.Write("你的IP已被记录！警告！");//
      Response.End();
     }
    }
   }
  }