[snip] Lets say you have a statement like: $query = "SELECT * FROM mytable WHERE firstname=$firstname";
And if $firstname is set to: "xyz"; DELETE FROM mytable Then this is executed as: SELECT* FROM mytable WHERE firstname="xyz";DELETE FROM mytable This can wipe out your table...a bad thing... [/snip] Ah! But only if the database user has permissions for DELETE. That is why security must be carefully thought out, because there are so many levels for it to be implemented on. This has been a great thread, lots of useful information. Jay -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php