No. This will not work to completely protect you from XSS and definitely not sql injection. Last I heard, Microsoft wants people to stop using this. They are using a black list to find any potential issues with the input. The only way to get close to preventing XSS and sql injection is to use a white list.
See here: http://www.asp.net/aspnet/overview/web-development-best-practices/what-not-to-do-in-aspnet,-and-what-to-do-instead#validation
Request Validation
Recommendation: Validate user input, and encode
output from users.
Request validation is a feature of ASP.NET that
inspects each request and stops the request if a perceived threat is
found. Do not depend on request validation for securing your
application against cross-site scripting attacks. Instead, validate
all input from users and encode the output. In some limited cases, you
can use regular expressions to validate the input, but in more
complicated cases you should validate user input by using .NET classes
that determine if the value matches allowed values.