Quoting Jay Hannah <jay at jays.net>: > If I was ever going to accept $prop as input from the outside I'd (1) > sanitize it with a regex, (2) make sure it was in a DBI placeholder, > not just running loose in an SQL string, and (3) use Perl's taint mode. What about the monger -not- named Jay who makes it available to the outside! :) Later, George.