	foreach (@_field_names) {
		$_value = $_query->param($_);
		
		# convert special chars to html codes
		$_value =~ s/\x91/&lsquo;/g;		# smart quotes
		$_value =~ s/\x92/&rsquo;/g;
		$_value =~ s/\x93/&ldquo;/g;
		$_value =~ s/\x94/&rdquo;/g;
		$_value =~ s/\x96/&ndash;/g;		# dashes
		$_value =~ s/\x97/&mdash;/g;
		$_value =~ s/\x7C/&#124;/g;		# pipe
		$_value =~ s/</&lt;/g;			# brackets
		$_value =~ s/>/&gt;/g;
		$_value =~ s/{/&#123;/g;
		$_value =~ s/}/&#125;/g;
		
		# only allow the known good
		if ($_value =~ /([\w\s\.\@\&\ \!\'\"\-\,\/\#\:\;\(\)]+)/) {
				$_value = $1;
			} else {
				die("(Friendly error message)");
		}
		
		$_form{$_} = $_value;
	}