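/**
 * Tests a string, one-dimensional array, or simple struct for possible SQL injection.
 *
 * This is a deny-list heuristic: it reports true when any of the seven tokens
 * below occurs anywhere in the value, compared case-insensitively as a substring.
 * Two consequences follow from that:
 *   - False positives: ordinary text containing an apostrophe or one of the
 *     words (for example "O'Brien" or "Selection") is flagged.
 *   - False negatives: anything not built from these seven tokens is not flagged.
 * Treat the result as a logging/triage signal, not as the control that makes a
 * query safe. Bind user input with <cfqueryparam> (parameterized queries)
 * regardless of what this function returns.
 *
 * @param input      String, array or struct to check. (Required)
 * @return Returns a boolean: true if any inspected value contains a listed token.
 * @author Will Vautrain (vautrain@yahoo.com)
 * @version 1, July 1, 2002
 */
function IsSQLInject(input) {
    /*
     * The SQL-injection strings were used at the suggestion of Chris Anley [chris@ngssoftware.com]
     * in his paper "Advanced SQL Injection In SQL Server Applications" available for download at
     * http://www.ngssoftware.com/
     */
    var listSQLInject = "select,insert,update,delete,drop,--,'";
    var arraySQLInject = ListToArray(listSQLInject);
    var i = 1;
    var key = "";

    // Arrays: the header promises array support, but findNoCase() only accepts
    // simple values, so each element is checked on its own.
    if (isArray(input)) {
        for (i = 1; i lte arrayLen(input); i = i + 1) {
            if (IsSQLInject(input[i])) return true;
        }
        return false;
    }

    // Structs: check every value; key names are not inspected.
    if (isStruct(input)) {
        for (key in input) {
            if (IsSQLInject(input[key])) return true;
        }
        return false;
    }

    // Simple values take the original path unchanged. Any other complex type
    // also lands here and is handed to findNoCase() exactly as before, so it is
    // never silently reported as clean.
    // NOTE(review): presumably the engine raises a conversion error for such
    // values - confirm on the target server.
    for (i = 1; i lte arrayLen(arraySQLInject); i = i + 1) {
        if (findNoCase(arraySQLInject[i], input)) return true;
    }
    return false;
}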