
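// Reject field values that contain characters or keywords associated with script or SQL injection.
// This is a client-side convenience check only: the server must still validate input,
// use parameterized queries and encode output.
// Usage: add onBlur="encode(this);" to the text input.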
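/**
 * Reject a text field whose value contains a deny-listed character or keyword.
 *
 * When at least one token is found, an alert lists the tokens and the field
 * is cleared; otherwise the field is left untouched. Intended to be wired up
 * as onBlur="encode(this);" on a text input.
 *
 * Matching is case-insensitive, so every spelling of "script", "alert" and
 * "javascript" is caught (the previous version tested only three fixed
 * spellings of "script" and "alert"). Tokens are reported in lower case.
 *
 * SECURITY NOTE: this runs in the browser and is a usability hint, not a
 * security control. Requests can reach the server without this code ever
 * running, so the server must validate input itself, use parameterized SQL
 * queries and encode output for the context it is written into. The match is
 * a plain substring test, so ordinary words that contain a token (for
 * example "description") are rejected as well.
 *
 * @param {{value: string}} myvalue - the input element being checked
 * @returns {undefined}
 */
function encode(myvalue)
{
	// The order here only determines the order of tokens in the alert text.
	var denied = ['javascript', '&lt', '&gt', '<', '>', ';', 'script', 'alert'];
	var found = '';
	var count = 0;
	var i;

	// Nothing to inspect: no element was passed, or it carries no text value.
	if (!myvalue || typeof myvalue.value !== 'string')
	{
		return;
	}

	// Lower-case once so a single comparison covers every case variant.
	var haystack = myvalue.value.toLowerCase();

	for (i = 0; i < denied.length; i++)
	{
		if (haystack.indexOf(denied[i]) != -1)
		{
			count += 1;
			found += '"' + denied[i] + '" ';
		}
	}

	if (count == 0)
	{
		return;
	}

	// The trailing space reproduces the spacing of the original message.
	alert('The following ' + (count > 1 ? 'characters are' : 'character is') + ' not allowed ' + found + ' ');
	myvalue.value = '';
}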



//validate NAME, CITY, STATE

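/**
 * Validate a free-text field (name, city, state) against a character allow-list.
 *
 * Allowed characters: ASCII letters, underscore, apostrophe, hyphen, space,
 * dot and square brackets. If the value contains anything else, an alert
 * naming the field is shown, the field is cleared and false is returned.
 *
 * SECURITY NOTE: the allow-list permits the apostrophe (needed for names such
 * as O'Brien), so this check gives no protection against SQL injection. It
 * also runs only in the browser; the server must validate the value again and
 * use parameterized queries.
 *
 * @param {{value: string, name: string}} tb - the text input to validate
 * @returns {(boolean|undefined)} false when the value was rejected, otherwise undefined
 */
function chars(tb)
{
	// Declared locally: assigning to an undeclared `re` created an implicit
	// global and throws a ReferenceError in strict mode / ES modules.
	var re = /([^a-zA-Z_\'\-\ \.\[\]])/;

	if (re.test(tb.value))
	{
		alert("You have entered a bad string in the " + tb.name + " box");
		tb.value = '';
		return false;
	}
}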
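/**
 * Run chars() on every text input of every form in the document.
 *
 * The previous version used for...in over document.forms and over each form.
 * for...in yields property names (strings), so `ele.type` was always
 * undefined and chars() was never called. It also leaked `f` and `ele` as
 * implicit globals. Forms and their controls are now walked by index.
 *
 * NOTE(review): a second declaration of checkEveryTextBox appears later in
 * this file; in a classic script the later declaration is the one that takes
 * effect.
 *
 * @returns {undefined}
 */
function checkEveryTextBox()
{
	var forms = document.forms;
	var f;
	var i;

	for (f = 0; f < forms.length; f++)
	{
		var fields = forms[f].elements;

		for (i = 0; i < fields.length; i++)
		{
			var ele = fields[i];

			// Only plain text inputs are validated; other control types are skipped.
			if (ele.type === "text")
			{
				chars(ele);
			}
		}
	}
}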

//validate Entries

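/**
 * Validate an entry field against a character allow-list.
 *
 * Allowed characters: ASCII letters, underscore, apostrophe, hyphen, space,
 * dot and square brackets. If the value contains anything else, an alert
 * naming the field is shown, the field is cleared and false is returned.
 *
 * SECURITY NOTE: the apostrophe is allowed, so this check gives no protection
 * against SQL injection, and it runs only in the browser. The server must
 * validate the value again and use parameterized queries.
 *
 * @param {{value: string, name: string}} tb - the text input to validate
 * @returns {(boolean|undefined)} false when the value was rejected, otherwise undefined
 */
function chars2(tb)
{
	// Declared locally: assigning to an undeclared `re` created an implicit
	// global and throws a ReferenceError in strict mode / ES modules.
	var re = /([^a-zA-Z_\'\-\ \.\[\]])/;

	if (re.test(tb.value))
	{
		alert("You have entered a bad string in the " + tb.name + " box");
		tb.value = '';
		return false;
	}
}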
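/**
 * Run chars() on every text input of every form in the document.
 *
 * The previous version used for...in over document.forms and over each form.
 * for...in yields property names (strings), so `ele.type` was always
 * undefined and no field was ever validated. It also leaked `f` and `ele` as
 * implicit globals. Forms and their controls are now walked by index.
 *
 * NOTE(review): this is the second declaration of checkEveryTextBox in the
 * file, and in a classic script it replaces the earlier one. It sits next to
 * chars2() but calls chars(), as the original did. Confirm which validator
 * was intended (the two currently apply the same pattern).
 *
 * @returns {undefined}
 */
function checkEveryTextBox()
{
	var forms = document.forms;
	var f;
	var i;

	for (f = 0; f < forms.length; f++)
	{
		var fields = forms[f].elements;

		for (i = 0; i < fields.length; i++)
		{
			var ele = fields[i];

			// Only plain text inputs are validated; other control types are skipped.
			if (ele.type === "text")
			{
				chars(ele);
			}
		}
	}
}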

//Cross-Site Scripting Validation on Form Inputs
