[snip]
On 7 Aug 2007, at 10:28, Sales @ Lycosa wrote:
> 1. Use regular expressions to sanitize the variables by removing dodgy
> characters such as `

Regular expressions? Does PHP really lack a parameterized SQL execute function?!
[/snip]

They have several such as http://www.php.net/mysql_real_escape_string
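An added example, not from the thread, showing what a parameterized query looks like in PHP: the same lookup written by string concatenation and then as a PDO prepared statement. The `users` table, its `email` column and the connection details are assumed for illustration.

```php
<?php
// Added example (not from the thread). The table `users`, its `email`
// column and the DSN/credentials below are assumed, not taken from the post.

// 1. Query built by string concatenation: the user-supplied value becomes
//    part of the SQL text, so correctness depends entirely on escaping it.
function findUserUnsafe(PDO $pdo, string $email): array
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Same query as a prepared statement: the SQL text is fixed at prepare()
//    time and the value travels separately, so it is never parsed as SQL
//    and no character-stripping regex is needed.
function findUserSafe(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    // Ask for server-side prepared statements rather than client-side
    // emulation, so the parameter really is sent out of band.
    PDO::ATTR_EMULATE_PREPARES => false,
]);

var_dump(findUserSafe($pdo, $_GET['email'] ?? ''));
```

The mysqli extension offers the same thing through `mysqli_prepare()` and `mysqli_stmt_bind_param()`; `mysql_real_escape_string()` by contrast only escapes a value for inclusion in the SQL text and still depends on the value being quoted correctly.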