Re: Latest Injection Attack: DECLARE, SET and CAST
Thanks for this. We have been plagued by these sorts of hacks for the last few months. It has taken us a while to narrow down the problem and a lesson has been learnt. ALWAYS FILTER ANY PASSED URL PARAMETERS. We are using ASP on a Windows server so the htaccess solution isn't possible, but by passing any numeric values through the CInt() function it seems to be blocking further attacks from executing successfully.