on par with my previous post about the asp form thanks to Monie for the info/code share but people seem to be able to crack peoples account by adding silly charactors in the login infront of a previous login ect...

if my login was

user1

and pass was

user1

they would simply add crap like

ž�user1 with a pass of what ever they wanted and it would change there pw

how do i make the form only accept [a-z , A-Z, 0-9]