是否存在SQL敏感字符

function isSQL(st)
{
    var in_str = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
    var arrStr = in_str.split('|');
    var l = arrStr.length;
    for(var i = 0; i < l; i++)
    {
        if(st.indexOf(arrStr[i]) >= 0)
            return true;       
    }
    return false;
}

   public static bool isSQL(string str)
    {
        string in_str = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,";
        string[] in_sql = in_str.Split('|');
        for (int i = 0; i < in_sql.Length; i++)
        {
            if (str.IndexOf(in_sql[i]) >= 0)
                return true;//存在sql注入
        }
        return false;
    }