One thing you want to be careful of is embedded quotes. You might try using ' or " as the delimiter, and eliminating the other for possible entry (using client-side validation of course; the value is destroyed before you'd be able to validate for it on the server side). If you have to allow both ' and ", you could consider using the rarely used "back-apostrophe" (`). You can also try to use Server.HTMLEncode() on the value before slipping it into the HTML element.
If you do this:
<... value='<%="foo's bar"%>'>
This evaluates to:
<... value='foo's bar'>
And everything after 'foo' is ignored, because the browser interprets the apostrophe as the end of the string.
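The truncation described above can be checked mechanically. The following is an added example, not code from the original page: it renders a value into a quoted attribute both unencoded and encoded, then parses the markup back to see what an HTML parser actually recovers. Python's html.escape() stands in for Server.HTMLEncode() here, and the function names and sample values are assumptions made for the illustration.

```python
import html
from html.parser import HTMLParser

class _FirstTag(HTMLParser):
    """Records the attributes of the first start tag as the parser sees them."""
    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = attrs

def parsed_attrs(markup):
    parser = _FirstTag()
    parser.feed(markup)
    parser.close()
    return parser.attrs or []

def render_raw(value, quote="'"):
    # Same shape as <... value='<%= value %>'>: the value is pasted in as-is.
    return f"<input value={quote}{value}{quote}>"

def render_encoded(value, quote="'"):
    # html.escape(quote=True) rewrites & < > " and ' as character references.
    return f"<input value={quote}{html.escape(value, quote=True)}{quote}>"

def survives(markup, value):
    """True only if the parser recovers exactly one attribute holding `value`."""
    return parsed_attrs(markup) == [("value", value)]

# Constructed sample values, not taken from any real application.
SAMPLES = ["foo's bar", 'say "hi"', "it's \"both\" & <more>"]

if __name__ == "__main__":
    for quote in ("'", '"'):
        for value in SAMPLES:
            raw, enc = render_raw(value, quote), render_encoded(value, quote)
            print(f"{raw:40} raw ok={survives(raw, value)!s:5} -> {parsed_attrs(raw)}")
            print(f"{enc:40} enc ok={survives(enc, value)}")
```

The same round-trip check is worth running against whatever encoder you use in production, with the delimiter you actually emit, since an encoder that leaves your delimiter character untouched gives no protection.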
; Logging Options
; Defines what classes of security alerts are logged to the syslog daemon.
; Logging of errors of the class S_MEMORY are always logged to syslog, no
; matter what this configuration says, because a corrupted heap could mean that
; the other logging options will malfunction during the logging process.
; log in /var/log/messages
suhosin.log.syslog = 511
; Defines the maximum number of variables that may be registered through a POST
;suhosin.post.max_vars = 200
suhosin.post.max_vars = 1000
; Defines the maximum number of variables that may be registered through the
; COOKIE, the URL or through a POST request. This setting is also an upper
; limit for the variable origin specific configuration directives.
;suhosin.request.max_vars = 200
suhosin.request.max_vars = 1000