Hi, Is there anyone in this group that has a simple script to check for SQL injection attacks? In the theory I was thinking about to check $_POST and $_GET if they contain specific "substrings" that could be used in an attempt. Maybe to loop thru all set values and see if they contain "DELETE FROM" or "TRUNCATE" or similar. I am aware of that I can create different db-users to restrict this, but in some hosting cases I only have access to one db-user. I also always use sprintf() so make sure integers etc are used where I expect integers. /Peter
