help someone fugging my site :(

i run a small big brother website www.neue.co.uk/bigbrother and every
so often someone comes in and posts something to my shoutbox that
kills the script and i get an error saying

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'HTMLEncode'

/bigbrother/lesley.asp, line 120

i have a script that checks and replaces bad words and im wondering if
theyre trying to sql inject me or soemthing?

is there anything simple i can add into the 'bad words' checker that
would stop this happening? i.e. i know that to check for a quote mark
(") you can use something like """"""" but i dont know how many of
them to use lol.

my badwords checker is:

<%
Function ReplaceBadWords(InputComments)
Dim badChars, newChars, sLength, sAttachtoEnd, x, i
'create an array of bad words that should be filtered
badChars = array("rubbish", "crap", "shit", "cunt", "twat", "fucking",
"fuck", "dick", "bollocks", "wank", "wanker", "bastard", "bitch",
[url=http://", "[/url]", "", " script>" )
newChars = InputComments
'loop through our array of bad words
For i = 0 to uBound(badChars)
'get the length of the bad word
sLength=Len(badChars(i))
'we are going to keep the first letter of the bad word and replace all
the other
'letters with *, so we need to find out how many * to use
For x=1 to sLength-1
sAttachtoEnd=sAttachtoEnd & "*"
Next
'replace any occurences of the bad word with the first letter of it
and the
'rest of the letters replace with *
newChars = Replace(newChars, badChars(i), Left(badChars(i),1) &
sAttachtoEnd)
sAttachtoEnd=""
Next
ReplaceBadWords = newChars
End function
%>

thanks guys!