Hi,

I am implementing a search form where some strings will be used in SQL methods. It does not seem to be very safe to use a construct like

    select record from table where field like "%<dtml-var string_from_form>"

because of the obvious hack where somebody fills in a string like:

    bla"; drop table important_table;

Zope does contain some features where I can limit the input to fields in forms, but the users really want to search for a string value. Is there any product for this?

(Zope 2.3.3 on FreeBSD 4.2 connecting to PostgreSQL 7.1)

--
__________________________________________________
"Nothing is as subjective as reality"

Reinoud van Leeuwen    reinoud@xs4all.nl    http://www.xs4all.nl/~reinoud

-> when replying to a mailing list mail, please do <-
-> *NOT* cc: me as well. If I read the list I will  <-
-> receive the reply as well!                        <-
__________________________________________________
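The risk described in the post and the standard fix, as an added example that is not from the thread or from Zope itself: an in-memory sqlite3 table stands in for the PostgreSQL one, the search is run once with the form value pasted into the SQL text (the shape of the `<dtml-var>` construct above) and once with the value bound as a query parameter, which is what a Z SQL Method's `<dtml-sqlvar name type="string">` does for you. Table name, rows and the single-quoted variant of the post's payload are constructed for the demonstration.

```python
import sqlite3

# Constructed stand-in for the PostgreSQL table in the post (sqlite3 so it runs offline).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table important_table (record text)")
    conn.executemany("insert into important_table values (?)",
                     [("alpha",), ("beta_gamma",), ("100%",)])
    conn.commit()
    return conn

def tables(conn):
    rows = conn.execute("select name from sqlite_master where type = 'table'")
    return sorted(r[0] for r in rows)

def search_unsafe(conn, string_from_form):
    # Same shape as the post's construct: the form value is pasted straight into
    # the SQL text. executescript accepts several statements, as many database
    # adapters do, so a second statement hidden in the input is executed too.
    sql = "select record from important_table where record like '%" + string_from_form + "'"
    conn.executescript(sql)
    return tables(conn)

def escape_like(value):
    # Escape LIKE metacharacters so a user searching for '%' or '_' gets a literal match.
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_safe(conn, string_from_form):
    # Parameterised query: the driver binds the value, it never becomes SQL text,
    # so quotes and semicolons in it are ordinary characters of the search string.
    pattern = "%" + escape_like(string_from_form)
    rows = conn.execute(
        "select record from important_table where record like ? escape '\\'",
        (pattern,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    payload = "bla'; drop table important_table; --"   # the post's attack, single-quoted
    print(search_safe(make_db(), payload))    # [] and the table is still there
    print(search_unsafe(make_db(), payload))  # [] because important_table is gone
```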
participants (2)
- Dieter Maurer
- reinoud@xs4all.nl