Google 'sql injection' ----- Original Message ----- > I have a huge website with many form entries and url variables. I just > realized that anybody can come along and insert sql code into my > variables and have it executed. What is the quickest and easiest way I > fix this? > > Is doing a replace() on ' the only way?