ColdFusion Development
 
  #1  
February 23rd, 2012, 02:08 PM
CXSys
Error if ; in text field on form

Hey Guys,

I've been lurking here but haven't had to post before. Now I'm racking my brain on this for almost a week. I've tried numerous searches and come up blank.

I'm not normally a CF developer (haven't done it in about 12 years), but I inherited a very simple app that needs modification. I've gotten through all the modifications and fixed most issues; created new pages, etc; but this one I can't get past.

Background - inherited CF app; very simple in nature; handful of fields on a form which on action, post into a database, then display a confirmation page with the details. The original creator seems to have written it in more HTML than CF (regular form and field inputs, not CFFORM, CFTEXTAREA, etc).

What's tripping me up is that if someone enters a semicolon into any of the text input fields or the textarea field, on submit we get a "404-File or Directory not found"

Ultimately what I want is for anything that's entered to be HTML friendly since the result is only used in an HTML email or to display on-screen in HTML;

Could this be something glaringly simple like the wrong tags or a simple attribute that needs to be added, or what am I missing? I would've thought if it were a common mistake it'd come up easily in a google search, but no such luck.

Any tips greatly appreciated!

  #2  
February 23rd, 2012, 02:42 PM
kiteless
Moderator
Typing a semicolon into a text field should not do this, so something else has to be going on. Is the form action GET instead of POST? Can you show the form tag, the field in question, and any relevant JavaScript (if any JS is running on submit)?

  #3  
February 23rd, 2012, 02:54 PM
CXSys
I thought it seemed pretty abnormal; I would think CF would help with this fairly automatically.

Here's some of the code; it was previously just form fields, but I've been converting them to CF form/field types:
Code:
<cfform name="RMARequestForm" action="RMA_sheet_action.cfm" method="post" format="html">
<td colspan=6><cftextarea name="SpecialInstructions" html="yes" cols=100 rows=10 maxLength=255></cftextarea></td>

<td><input type="submit" name="Process" value="Submit"></td>

</cfform>

The action is just a cfquery with an insert into the table using value <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#Evaluate(HtmlEditFormat("FORM.Comments") & i)#">

I don't currently have any javascript on the page or any onsubmit type actions.

  #4  
February 23rd, 2012, 03:59 PM
CXSys
Hrm - well this could be the culprit - maybe it was the previous developer's attempt at preventing SQL injection attacks? I just found this code in a file that must get referenced during page load:

Code:
<cfif Find(";",CGI.QUERY_STRING) GT 0 OR ListFindNoCase("CHAR,EXEC,DECLARE",cgi.query_string)>
	<cfheader statuscode="404" statustext="Not Found">
	<cfabort>
</cfif>
<cfif IsDefined("FORM") AND IsDefined("FORM.FIELDNAMES")>
	<cfloop list="#FORM.FIELDNAMES#" index="i">
		<cfif Find(";",FORM[i]) GT 0 OR ListFindNoCase("CHAR,EXEC,DECLARE",FORM[i])>
			<cfheader statuscode="404" statustext="Not Found">
			<cfabort>
		</cfif>	
	</cfloop>
</cfif>
<cfapplication name="iwi" sessionmanagement="yes">
<cfset request.dsn="isidsn">

<cfinclude template="header.cfm">

  #5  
February 23rd, 2012, 04:41 PM
kiteless
Moderator
That's definitely it.
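
An added example, not part of the thread and not the application's own code: one way the action page could accept semicolons once the deny-list check from post #4 is removed, relying on cfqueryparam for the SQL side and HTMLEditFormat at output for the HTML side. The table and column names are hypothetical; request.dsn and the SpecialInstructions field come from the posted snippets.

```cfml
<!--- RMA_sheet_action.cfm (added example).
      rma_requests / special_instructions are hypothetical names. --->
<cfparam name="FORM.SpecialInstructions" default="">

<!--- Validate the shape of the input, not its characters:
      trim it and enforce the 255-character limit the form declares. --->
<cfset instructions = Trim(FORM.SpecialInstructions)>
<cfif Len(instructions) GT 255>
	<cfheader statuscode="400" statustext="Bad Request">
	<cfoutput>Special instructions are limited to 255 characters.</cfoutput>
	<cfabort>
</cfif>

<!--- Store the text exactly as typed. cfqueryparam sends it as a bound
      parameter, so semicolons and SQL keywords are data, never SQL text. --->
<cfquery name="insertRma" datasource="#request.dsn#">
	INSERT INTO rma_requests (special_instructions)
	VALUES (
		<cfqueryparam cfsqltype="CF_SQL_VARCHAR" maxlength="255"
			value="#instructions#">
	)
</cfquery>

<!--- Encode at the point of output, once per HTML sink.
      The same HTMLEditFormat call applies to the body of the HTML email. --->
<cfoutput>
	<h2>RMA request received</h2>
	<p>Special instructions: #HTMLEditFormat(instructions)#</p>
</cfoutput>
```

Storing the raw value and encoding only when it is written into HTML avoids double-encoded text in the database and keeps the stored data usable for non-HTML outputs.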
