On 7 Aug 2007, at 10:28, Sales @ Lycosa wrote:

> 1. Use regular expressions to sanitize the variables by removing dodgy
> characters such as `

Regular expressions? Does PHP really lack a parameterized SQL execute function?!

-- 
David Dorward
http://dorward.me.uk/
http://blog.dorward.me.uk/
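
The contrast raised in the message above, as an added example that is not part of the original thread: a regex filter that strips "dodgy" characters next to a parameterized query through PHP's PDO extension. The `users` table, the function names, the character list in the regex and the sample input are all constructed for illustration, and the in-memory SQLite driver is assumed to be available.

```php
<?php
// Added example; table, helper names and input are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Approach from the quoted suggestion: remove backticks, quotes, semicolons
// and backslashes with a regex (the exact character list is an assumption),
// then concatenate the result into the SQL text.
function find_by_id_regex(PDO $db, string $id): array
{
    $clean = preg_replace('/[`\'";\\\\]/', '', $id);
    // $clean is still parsed as SQL. In a numeric context no quote is needed
    // to alter the WHERE clause, so the filter has nothing to remove.
    $sql = "SELECT name FROM users WHERE id = $clean";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized form: the statement text is fixed at prepare() time and the
// value is bound separately, so it is only ever compared as data.
function find_by_id_param(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input containing none of the filtered characters.
$input = '1 OR 1=1';

echo "regex + concatenation: ";
var_dump(find_by_id_regex($db, $input));

echo "parameterized:         ";
var_dump(find_by_id_param($db, $input));
```

The first function changes the meaning of the WHERE clause for this input even though the regex removes nothing; the second cannot, because the input never reaches the SQL parser.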