note dws Great end-to-end example, with at least problem. In <code>record</code>, you are escaping the values in the query that you're constructing, but not the keys. That opens the door to an injection attack. 842126 842126