in reply to GONE in a FLASH!
You really really should do some sort of verification on the data in QUERY_STRING. As it stands now, a malicious user could inject any HTML they'd like into your page.
-AM
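
One way to do the verification suggested above, as an added example that is not part of the original post or the script it replies to: a CGI handler that allow-lists values from QUERY_STRING and HTML-escapes them on output. Python is used here as an assumption since the page does not show the script's language; the parameter names `name` and `page` and their patterns are hypothetical.

```python
import html
import os
import re
from urllib.parse import parse_qs

# Hypothetical policy: the only parameters the page accepts, each with an
# allow-list pattern. Anything else in QUERY_STRING is ignored.
ALLOWED = {
    "name": re.compile(r"[A-Za-z0-9 _.&'-]{1,40}"),
    "page": re.compile(r"[0-9]{1,4}"),
}


def validated_params(query_string):
    """Parse a raw QUERY_STRING and keep only values that pass the allow-list."""
    parsed = parse_qs(query_string, keep_blank_values=False, max_num_fields=20)
    clean = {}
    for key, pattern in ALLOWED.items():
        values = parsed.get(key)
        # Reject repeated parameters rather than guessing which one is meant.
        if not values or len(values) != 1:
            continue
        if pattern.fullmatch(values[0]):
            clean[key] = values[0]
    return clean


def render(query_string):
    """Build the page body; every dynamic value is HTML-escaped on output."""
    params = validated_params(query_string)
    name = params.get("name", "guest")
    page = params.get("page", "1")
    # Escaping is applied even to validated values: the allow-list for
    # "name" permits '&' and "'", which are significant in HTML.
    return "<p>Hello, {}. Page {}.</p>".format(
        html.escape(name, quote=True), html.escape(page, quote=True)
    )


if __name__ == "__main__":
    print("Content-Type: text/html; charset=utf-8\n")
    print(render(os.environ.get("QUERY_STRING", "")))
```

Validation decides what the script accepts; escaping at output time is what keeps an accepted value from being interpreted as markup.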