Function depurarSQL(cadena)
prohibidas = array("select","drop",";","--","insert","delete","xp_","/","","*","%","<",">","or","=","'","""","Or","OR"," oR","Select","SeLeCt","!","_",""""""," or "," and ", "(",")","update","delete","drop","-shutdown","--")
miTemp = cadena
If Not isNull(miTemp) Then
For J = 0 To uBound(prohibidas)
miTemp = Replace(miTemp,prohibidas(J),"")
Next
miTemp = Server.HTMLEncode(miTemp)
depurarSQL = miTemp
Else
'no pasa nada
End If
End Function