DM> (i.e. Make sure there's nothing but an integer coming in as a parameter).
> One is to cast to int in PHP, like:
> $query="select * from my_table where id=".((int)$id);

It's a small point, but if you're using PHP, there is already an intval() function that can be used to see if input really is an integer. If you don't have a number, it returns 0.

--rowan
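Added example, not part of the original message: it runs the `(int)` cast and `intval()` discussed above over a few constructed inputs, next to a strict whole-string check with `filter_var()`, so the difference between converting a value and validating it is visible. The helpers `strict_id()` and `build_query()` and the sample values are assumptions made for illustration; the query text is the one quoted in the thread.

```php
<?php
// Constructed sample values for an "id" request parameter (illustrative only).
$samples = ['42', '0', '12abc', 'abc', '4.9', ''];

/**
 * Hypothetical helper: return the integer only when the whole string is a
 * decimal integer, otherwise null. FILTER_NULL_ON_FAILURE keeps a valid "0"
 * distinguishable from a failed validation.
 */
function strict_id(string $raw): ?int
{
    return filter_var($raw, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
}

/**
 * Hypothetical helper: build the thread's query only for validated input.
 * Returns null so the caller can reject the request instead of silently
 * querying for whatever number the conversion produced.
 */
function build_query(string $raw): ?string
{
    $id = strict_id($raw);
    if ($id === null) {
        return null;
    }
    // $id is a PHP int here, so only digits (and an optional sign) are appended.
    return "select * from my_table where id=" . $id;
}

foreach ($samples as $raw) {
    printf(
        "input=%-8s (int)=%-3d intval()=%-3d strict=%-5s query=%s\n",
        var_export($raw, true),
        (int)$raw,           // conversion: leading digits are kept, the rest dropped
        intval($raw),        // same conversion rules as the cast for strings
        var_export(strict_id($raw), true),
        var_export(build_query($raw), true)
    );
}
```

Both the cast and `intval()` always yield an integer, which keeps non-numeric text out of the query, while the strict check additionally lets the application tell a genuine `0` apart from input that was not an integer at all.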