On Wed, Jan 7, 2009 at 10:49 PM, Luming Xing <xingluming at googlemail.com> wrote: > Hi, > It works, should i always wirte it, when i write a SQL in > exec_SELECTquery()? If you work with user defined variables it is much more secure (have a look at Oliver's message). Cheers