防sql注入

<input type="text" id="alipay" name="alipay" onblur=‘AntiSqlValid(this)‘  >

<script>
  function AntiSqlValid(oField ){
    var re= /select|update|delete|exec|script|count|‘|"|=|;|>|<|%/i;
    if ( re.test(oField.value) ){
      alert("请您不要在参数中输入敏感字符！"); 
      oField.value = ‘‘;
      oField.focus();
      return false;
    }
  } 
</script>