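<%
' Request input filter: rejects any form or query-string value that contains a
' blocked character or keyword and sends the client to error.asp.
'
' NOTE(review): a deny-list like this is defence in depth only. It is not a
' substitute for parameterized queries and for output encoding at the point
' where the data is used.

' Kept at page scope, as in the original listing.
Dim fieldName
Dim fieldValue
Dim Item

' Returns True when value contains any blocked character or keyword.
' Keywords are matched case-insensitively; the original matched only the
' spellings "Execute"/"execute" and "Update"/"update", so any other casing
' (for example all upper case) passed the filter.
Function ContainsBlockedInput(ByVal value)
    Dim blockedTokens
    Dim lowered
    Dim i

    blockedTokens = Array("&", "+", "(", ")", "=", "%", "*", "<", "'", "$", _
                          "#", ">", Chr(34), "execute", "update")

    ' Lower-case once so the keyword comparison is case-insensitive; the
    ' punctuation tokens are unaffected by LCase.
    lowered = LCase(value)

    ContainsBlockedInput = False
    For i = 0 To UBound(blockedTokens)
        If InStr(lowered, blockedTokens(i)) > 0 Then
            ContainsBlockedInput = True
            Exit Function
        End If
    Next
End Function

' Redirects to error.asp with the rejection message and stops the page.
' The message is URL-encoded because the rejected value contains, by
' definition, characters such as "&", "#", "%" and "=" that would otherwise
' truncate or corrupt the query string of the redirect target.
' NOTE(review): error.asp is not visible here; it should HTML-encode the Error
' parameter (Server.HTMLEncode) before writing it to the page.
Sub RejectInput(ByVal name, ByVal value)
    Response.Redirect "error.asp?Error=" & _
        Server.URLEncode(name & " " & value & " is not allowed.")
    Response.End
End Sub

' Check every posted form field.
For Each Item In Request.Form
    fieldName = Item
    fieldValue = Request.Form(Item)
    If ContainsBlockedInput(fieldValue) Then
        RejectInput fieldName, fieldValue
    End If
Next

' Check every query-string parameter.
For Each Item In Request.QueryString
    fieldName = Item
    fieldValue = Request.QueryString(Item)
    If ContainsBlockedInput(fieldValue) Then
        RejectInput fieldName, fieldValue
    End If
Next
%>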