incrediBILL - 6:10 pm on Dec 6, 2011 (gmt 0)

ithe code they send is ENCODED, so you can't check what it is

Nonsense.

The input routine can detect that it's ENCODED and either a) decode it and analyze it first or b) simply discard it because it's ENCODED in the first place.

Either way it's a winner.

Besides, the length of the data itself would never survive in my code as I truncate the input data to a reasonable length to avoid such endless strings of garbage being fed directly to any script, that way there is never any buffer overflow potential either.