Yikes, be careful with that thing, it's loaded. ;-)

$variable$ does substitution, so should really only be used as an
absolute last resort because of the SQL injection risk.

Also, this statement will be sent to the database with no parameters,
because they are all being substituted in.

For example, if you did "insert into blah (col1, col2) values ($val1$,
$val2$)" where val1 = 12 and val2 = '34'...

The database doesn't get this: "insert into blah (col1, col2) values (?, ?)".

It gets "insert into blah (col1, col2) values (12, '34')" instead.

In your case, you are then trying to set parameters on it, but there
are no parameter markers, so you get "Invalid column index".

Further, if val2 is '34;drop table blah;--', you just inserted a
record, then dropped the table. When that happens in a live app, you
better hope you have a recent resume. :-D

Larry
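The difference Larry describes, shown as an added example that is not part of his post or of iBATIS itself. The two helpers `substitute` and `parameterize` are hypothetical stand-ins for iBATIS's `$name$` (text substitution) and `#name#` (parameter marker) handling, and Python's `sqlite3` module plays the role of the JDBC driver; the sample values, including the hostile one, are constructed here.

```python
import re
import sqlite3

# Matches iBATIS-style $name$ placeholders (hypothetical re-implementation).
PLACEHOLDER = re.compile(r"\$(\w+)\$")


def substitute(template, values):
    """Mimic '$name$': the value's text is spliced straight into the SQL.
    The database then sees a fully formed statement with no parameter markers."""
    return PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), template)


def parameterize(template):
    """Mimic '#name#': each placeholder becomes a '?' marker and the parameter
    names are returned in order so the values can be bound separately."""
    names = []

    def repl(m):
        names.append(m.group(1))
        return "?"

    return PLACEHOLDER.sub(repl, template), names


# Constructed sample statement and values, following the thread's example.
TEMPLATE = "insert into blah (col1, col2) values ($val1$, $val2$)"
QUOTED_VALUES = {"val1": 12, "val2": "'34'"}
HOSTILE_VALUES = {"val1": 12, "val2": "34;drop table blah;--"}


def _fresh_db():
    con = sqlite3.connect(":memory:")
    con.execute("create table blah (col1 integer, col2 text)")
    return con


def binding_to_substituted_sql_fails(values):
    """After substitution there are no '?' markers, so handing the driver
    parameters anyway is rejected: sqlite3 raises ProgrammingError, the
    analogue of the JDBC 'Invalid column index' seen in the thread."""
    con = _fresh_db()
    try:
        con.execute(substitute(TEMPLATE, values), tuple(values.values()))
    except sqlite3.ProgrammingError:
        return True
    finally:
        con.close()
    return False


def run_bound(values):
    """Execute the template with real parameter markers and bound values.
    Returns (rows now in blah, whether the table still exists). A value such
    as '34;drop table blah;--' is stored as plain text, never run as SQL."""
    con = _fresh_db()
    sql, names = parameterize(TEMPLATE)
    con.execute(sql, tuple(values[n] for n in names))
    rows = con.execute("select col1, col2 from blah").fetchall()
    exists = con.execute(
        "select count(*) from sqlite_master where type='table' and name='blah'"
    ).fetchone()[0] == 1
    con.close()
    return rows, exists


if __name__ == "__main__":
    print("substituted :", substitute(TEMPLATE, HOSTILE_VALUES))
    print("parameterized:", parameterize(TEMPLATE))
    print("bind to substituted fails:", binding_to_substituted_sql_fails(QUOTED_VALUES))
    print("bound insert :", run_bound(HOSTILE_VALUES))
```

Running it shows the substituted text carrying the second statement inside the SQL itself, while the parameterized path sends `values (?, ?)` and the hostile value ends up as an ordinary string in `col2` with the table intact; that is the whole reason `#name#` is the default and `$name$` is the last resort.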
