function SQLstmt(theField,checkAll) {
var hasSQL = false

	if (checkAll) {
		if (theField.value.indexOf("'") > -1) { hasSQL = true }
	}
	if (theField.value.indexOf("=") > -1) { hasSQL = true }
	if (theField.value.indexOf("_") > -1) { hasSQL = true }
	if (theField.value.indexOf("]") > -1) { hasSQL = true }
	if (theField.value.indexOf("[") > -1) { hasSQL = true }
	if (theField.value.indexOf(";") > -1) { hasSQL = true }
	if (hasSQL) {
		theField.focus()
		alert("Invalid  ' = _ [ ] ;")
	}
	return hasSQL
}

function sqlInjectionCheck() {
	return checkAllFields(true);
}

function sqlInjectionField() {
	return checkAllFields(false);
}

function checkAllFields(checkAll) {
var i=0
var x=0
var els
	for (i=0; i < document.forms.length; i++) {
		els = document.forms[i].elements; 
		for(x=0; x<els.length; x++){ 
			switch(els[x].type) {
				case "text":
					if (SQLstmt(els[x],checkAll)) {return false}
				  break;

				  case "textarea":
					if (SQLstmt(els[x],checkAll)) {return false}
				  break;

				  case "password":
					if (SQLstmt(els[x],checkAll)) {return false}
				  break;
			}
		}
	}
	return true
}