PREPEND: Illegal characters in QUERY_STRING - XSS protect