[code] <?php error_reporting(E_ALL); function SafeGurad($tempinput) { $tempinput = str_replace("%20","",$tempinput); $tempinput = addslashes($tempinput); $tempinput = str_replace("javascript","No_Java_Script_Allowed!",$tempinput); $tempinput = str_replace("</script>","No_Script_Allowed!",$tempinput); $tempinput = str_replace("<script>","No_Script_Allowed!",$tempinput); $tempinput = str_replace("SELECT * FROM","No_SQL_Script_Aloud!",$tempinput); $tempinput = str_replace("<","<",$tempinput); $tempinput = str_replace(">",">",$tempinput); return $tempinput; } $tempinput = "%20 /<>///\/\/\/\/\ LOL PANTS javascript SELECT * FROM"; echo SafeGurad($tempinput); php?> [/code] you got to fix your spelling and logic yourself tho.