	$_value =~ s/>/&gt;/g;
	$_value =~ s/</&lt;/g;

##</code><code>##

	$_value =~ s/’/&rsquo;/g;        # typed from keyboard
	$_value =~ s/%92/&rsquo;/g;      # uri encoding
	$_value =~ s/&rsquo;/&rsquo;/g;  # should never work

##</code><code>##

	our %_form; our $_value;
	our $_query = CGI->new();
	my @_field_names = $_query->param;
	foreach (@_field_names) {
		$_value = $_query->param($_);
		# convert nasty and/or special chars to html codes
		$_form{$_} = $_value;
	}

##</code><code>##

	foreach (@_field_names) {
		$_value = $_query->param($_);
		
		# convert special chars to html codes
		$_value =~ s/\x91/&lsquo;/g;		# smart quotes
		$_value =~ s/\x92/&rsquo;/g;
		$_value =~ s/\x93/&ldquo;/g;
		$_value =~ s/\x94/&rdquo;/g;
		$_value =~ s/\x96/&ndash;/g;		# dashes
		$_value =~ s/\x97/&mdash;/g;
		$_value =~ s/\x7C/&#124;/g;		# pipe
		$_value =~ s/</&lt;/g;			# brackets
		$_value =~ s/>/&gt;/g;
		$_value =~ s/{/&#123;/g;
		$_value =~ s/}/&#125;/g;
		
		# only allow the known good
		if ($_value =~ /([\w\s\.\@\&\ \!\'\"\-\,\/\#\:\;\(\)]+)/) {
				$_value = $1;
			} else {
				die("(Friendly error message)");
		}
		
		$_form{$_} = $_value;
	}