Ivo's Check Var Script (modified)

DO NOT USE THIS CODE!

Ivo's latest script is here.
<MIVA STANDARDOUTPUTLEVEL="html,text,compresswhitespace" DEFAULTMACROENCODING="entities">
<MvASSIGN NAME="var_list" VALUE="{miva_getvarlist('l') $ ',' $ miva_getvarlist('s') $ ',' $ miva_getvarlist('g')}">
<MvASSIGN NAME="l.nr" VALUE="1">
<MvASSIGN NAME="l.forbidden" VALUE="<>[]{}()\'\"&">
<MvWHILE EXPR="{var_list}">
<MvASSIGN NAME="vartemp" VALUE="{gettoken(var_list,',',l.nr)}">
<MvASSIGN NAME="vartemp" VALUE="{gettoken(vartemp,l.forbidden,1)}">
<MvIF EXPR="{vartemp}">
<MvIF EXPR="{len(&[vartemp];) GT len(gettoken(&[vartemp];,l.forbidden,1))}">
<MvEVAL EXPR="{hacker_error('The symbols < > [ ] ( ) " ' are not allowed in any field')}">
</MvIF>
<MvASSIGN NAME="l.nr" VALUE="{l.nr+1}">
<MvELSE><MvWHILESTOP></MvIF>
</MvWHILE>
The above code block goes at THE VERY TOP of your script.
I have changed Ivo's error message to be more readable, but you must now add any extra characters to the error message as well as the l.forbidden value.
Ivo's unchanged script is here.
http://www.scripts.idesigns.net/ivos_check_variables.txt
Your Script goes here....

This next block goes below your script
<MvCOMMENT>
############## hacker_error stops the script with an error display
############## if illegal chars have been found by check_vars
##############
</MvCOMMENT>
<MvFUNCTION NAME = "hacker_error" PARAMETERS = "string_in" STANDARDOUTPUTLEVEL = "html,text">
<HTML>
<HEAD>
<TITLE> Errors in data</TITLE>
</HEAD>
<BODY BGCOLOR="000000" TEXT="FF0000">
<H3><MvEVALUATE EXPRESSION = "{string_in}">
</H3>
<H4>Please use your "Back" button to return to the form and correct the form</H4>
</BODY>
</HTML>
<MvEXIT>
</MvFUNCTION>