John Bokma wrote: > Not. Perl and Java use similar methods where one can specify place holders, > and pass on the data unescaped. But still injection is possible. How?