Nice job. Good job you wear a white hat. That this web 101 stuff can get a release at the highest levels scares the hell out of me. They can pay $100 for an automated service to test each page for vulnerabilities and send them a report for gods sake. If they haven't the capability to write a secure search script - use Google's free search - they know how to code. Maybe the zombie hordes have already infected the web monkeys 🙂