Jens Scheidtmann wrote: > > Doesn't create this a SQL Injection vulnerability? > Shouldn't one use mysql(_real)_escape_string? > > http://php.net/mysql_real_escape_string > http://php.net/mysql_escape_string > > Jens > Thank you for pointing this out. I wouldn't have discovered this on my own in this timely manner. Mark