note that your version is open to sql injection attacks, while mrab's reply isn't. andrew someone wrote: > if mf: > mf = " AND mf = %s " % mf > if age: > age = " AND age = %s " % age