Jay Blanchard wrote: > Why can't SQL injection occur in a prepared statement? Are > they validating the data at that level? The sounds awfully > specious to me. My suspicion is that they are not validating at all, and just letting everything pass through. ---------- Randal Rust Covansys Corporation Columbus, OH Confidentiality Statement: This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by return email.