>*argh* You don't do any quoting of SQL-parameters, and that's more than bad! >(leaves you up to the mercy of SQL-injection attacks, for example) > > > I'm aware of the issue. But I think the one who start this question is too naive to explain anything more complex. Just give him a hint for further investigate.