javascript防止SQL注入

<SCRIPT language="Javascript">function Check(theform){??if (theform.UserName.value=="")?{alert("请输入用户名！")theform.UserName.focus();return (false);?}?if (theform.PassWord.value == "")?{alert("请输入密码！");theform.Password.focus();return (false);?}}function IsValid( oField ){?re= /select|update|delete|exec|count|'|"|=|;|>|<|%/i;?$sMsg = "请您不要在参数中输入特殊字符和SQL关键字！"?if ( re.test(oField.value) )?{alert( $sMsg );oField.value = '';oField.focus();return false;?}}</SCRIPT>

<input name="UserName" type="text" maxlength="20" id="UserName" onblur="IsValid(this);" style="width:125px;" /><input name="Password" type="password" maxlength="20" id="Password" onblur="IsValid(this);" style="width:125px;" />