ah, sorry, from title i guess you were aware of this. andrew andrew cooke wrote: > note that your version is open to sql injection attacks, while mrab's > reply isn't. andrew > > someone wrote: >> if mf: >> mf = " AND mf = %s " % mf >> if age: >> age = " AND age = %s " % age