note Joost <code> #!perl -w use strict; use DBI; my $dbh = DBI->connect('DBI:mysql:database=test','xxx','yyy',) || die; print $dbh->quote(q{Boston;DELETE FROM myTable}); __END__ 'Boston;DELETE FROM myTable' </code> <p> I don't see your point. If any DBD driver let's this through, (and DBD::mysql doesn't), it's a major bug. Yes, it might be inefficient, but it should never lead to a security risk if used correctly. <p> <!-- Node text goes above. Div tags should contain sig only --> <div class="pmsig"><div class="pmsig-157432"> <em>[id://149675|"What should it profit a man, if he should win a flame war, yet lose his cool?"]</em> </div></div> 440788 440823