Thanks. Please keep us posted. For some of my potentially exposed areas I was just doing regex lookups against the input parameter to filter out possible SQL injection keywords. Obviously not as elegant and efficient as using ADO parameters to strictly define the data that should be coming into the SQL statement. Playing around with the code you provided yesterday I had problems using an ADO parameter as a condition of the SQL LIKE statement. Not sure if that's an ADO limitation, a Python ADO limitation, or my relative ignorance :-)
-- http://mail.python.org/mailman/listinfo/python-list
