SQL injection attacks aren't caused by querystrings. If could be from form
data that is POSTed just as easily. It mainly has to do with how safely you
are handling input data, regardless of its source. Read this.
http://www.nextgenss.com/papers/advanced_sql_injection.pdf It's quite
interesting. And at an absolute minimum, please be sure that you're at
least dealing with input of the ' character.
Ray at home
"Robert Mark Bram" <none> wrote in message