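/**
 * Parse a raw query string into a plain object of HTML-escaped values.
 *
 * Pairs are separated by `&` and split on the FIRST `=` only, so a value
 * may itself contain `=`. No percent-decoding is performed: `%20` and `+`
 * remain literal text in the value. An empty pair (e.g. from `a&&b`) or a
 * pair whose raw key is empty is rejected.
 *
 * Keys are reduced to `[A-Za-z0-9_]` by stripping every other character,
 * so distinct raw keys (e.g. `user-id` and `userid`) can collide; a later
 * pair overwrites an earlier one with the same sanitized key. Values are
 * escaped for HTML text/attribute context (`& < > " '`) — this is output
 * encoding for HTML only and does not make values safe for SQL, shell or
 * URL contexts.
 *
 * Errors are reported by returning a string rather than throwing, to keep
 * the existing caller contract; callers must check
 * `typeof result === 'string'` before treating the result as a map.
 *
 * @param {string} queryString - Raw query string without the leading `?`
 *   (a leading `?` is simply stripped from the first key by the key filter).
 * @returns {Object<string, string>|string} Map of sanitized key to
 *   HTML-escaped value, or an `"Error: ..."` message.
 */
function sanitizeQueryString(queryString) {
  if (!queryString) {
    return "Error: Query string is empty.";
  }

  // Single-pass escape table. Handling `&` in the same pass as the other
  // characters (instead of a later chained replace) avoids double-encoding
  // such as `&lt;` -> `&amp;lt;`.
  const htmlEscapes = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  const escapeHtml = (text) => text.replace(/[&<>"']/g, (ch) => htmlEscapes[ch]);

  const params = {};
  for (const pair of queryString.split('&')) {
    // Split on the first '=' only so a value containing '=' is kept intact
    // (a plain split('=') would silently drop everything after the second '=').
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);

    if (!key) {
      return "Error: Invalid query parameter format.";
    }

    // Allow only alphanumerics and underscore in keys; other characters are dropped.
    const sanitizedKey = key.replace(/[^a-zA-Z0-9_]/g, '');
    if (!sanitizedKey) {
      return "Error: Invalid query parameter key.";
    }

    // Values are always strings, so a `__proto__` key cannot pollute the
    // prototype (the inherited setter ignores non-object values); such a
    // parameter is simply not stored. Missing values are stored as "".
    params[sanitizedKey] = escapeHtml(value);
  }
  return params;
}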