>Anyone have a good way of doing this and keep safe from SQL injection? Do you have any information at all about the field types/columns being included? There are certainly ways to handle this if you just have something like a string of words you want to search on or known phrases, such that you can split them out into cfqueryparams. If it's just a random where clause, that would be a lot more challenging, if not impossible, to make hacker-safe.
--- Mary Jo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305285 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4