are there security issues (sql injection specifically) involved with storing the user agent? Just how far can the user agent be changed? for example, objRecordset.Fields("BROWSER") = left(trim(Request.ServerVariables("HTTP_USER_AGENT")),50)