If you're asking your users to submit a password of 6-12 characters, you want to make sure it is done properly and without any special characters which could compromise your system.

To do this, you would want to use regular expressions. Be sure to read the articles on this site that explain how regular expressions work if you have not used them before.

The code would look like this:

NewPass = request("newpass")
Dim RegEx
Set RegEx = New regexp
RegEx.Pattern = "^[A-Za-z0-9]{6,12}$"
RegEx.Global = True
RegEx.IgnoreCase = True

if RegEx.Test(NewPass) = FALSE then response.redirect("error.asp")
Set RegEx = NOTHING

That ensures that the user-submitted password is 6-12 characters long and is made up solely of letters and numbers - no special characters like ; or ' that might jeopardize your database security.

Note that you need the ^ at the beginning and $ at the end. That ensures that the entire pattern matches - from the very beginning to the very end of the string.

Be sure to use input checks not only on your passwords, but on anything the user submits that then gets sent along to a database query!