you could try: 1. get all form variables into an array 2. validate values 3. convert all values into entities using htmlentities() 4. build sql query (do some tests 'til get it right) 5. execute the built query (with proper db function) by now, commas aren't a problem, they are limited between sql query's quotes. If some quotes are inserted as value they are previously converted to its entities and do not break the sql query. as previously said in this thread, the problem is on quoting and maybe on converting the values to entities, to prevent some quote break the sql structure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php