Kent Johnson wrote: > It > also looks like you are embedding the data in the SQL command, this is > very bad practice, it opens you to SQL injection attacks For a humorous explanation of why you don't want to directly embed data into SQL commands, see today's xkcd: http://xkcd.com/327/ Kent