Thanks for the reply dws
. Your assumption is correct. One of the handlers of the main database will be exporting the csv's and then using my script to upload the file and execute the update.
Assuming that someone defeats the double password protection and attempts to upload bogus data, they will have to figure out how many fields there are (I do a check on the CSV data), an incorrect # of fields throws an error and a message like: "Error #553. Please contact Jerry Garciuh at Terrapin Station". What sort of more rigorous checking do you think should I employ?
Think a race on a horse on a ball with a fish! TG