Microsoft suggests weeding out these special characters in web requests:
< > " ' % ; ) ( & + -
Some people simply delete these characters, but a better approach is to encode them appropriately depending on what you are doing with them in your application.
