¿Como evitar SQL Inyection en asp?

<%
Dim BlackList, ErrorPage, s

BlackList = Array(“–“, “;”, “/*”, “*/”, “@@”, “@”,_
“char”, “nchar”, “varchar”, “nvarchar”,_
“alter”, “begin”, “cast”, “create”, “cursor”,_
“declare”, “delete”, “drop”, “end”, “exec”,_
“execute”, “fetch”, “insert”, “kill”, “open”,_
“select”, “sys”, “sysobjects”, “syscolumns”,_
“table”, “update”)

‘ Populate the error page you want to redirect to in case the check fails.
ErrorPage = “/ErrorPage.asp”

‘ This function does not check for encoded characters since we do not know the form of encoding your application uses. Add the appropriate logic to deal with encoded characters in here
”””””””””””””””””””””””””’
Function CheckStringForSQL(str)
On Error Resume Next

Dim lstr

‘ If the string is empty, return true
If ( IsEmpty(str) ) Then
CheckStringForSQL = false
Exit Function
ElseIf ( StrComp(str, “”) = 0 ) Then
CheckStringForSQL = false
Exit Function
End If

lstr = LCase(str)

‘ Check if the string contains any patterns in our black list
For Each s in BlackList

If ( InStr (lstr, s) <> 0 ) Then
CheckStringForSQL = true
Exit Function
End If

Next

CheckStringForSQL = false

End Function

‘ Check forms data
For Each s in Request.Form
If ( CheckStringForSQL(Request.Form(s)) ) Then

‘ Redirect to an error page
Response.Redirect(ErrorPage)

End If
Next

‘ Check query string
For Each s in Request.QueryString
If ( CheckStringForSQL(Request.QueryString(s)) ) Then

‘ Redirect to error page
Response.Redirect(ErrorPage)

End If

Next

‘ Check cookies
For Each s in Request.Cookies
If ( CheckStringForSQL(Request.Cookies(s)) ) Then

‘ Redirect to error page
Response.Redirect(ErrorPage)

End If

Next
%>