note Win I don't know what database system you are using. However, I would nearly always recommend holding your SQL within a stored procedure held within the database. The stored procedure will not execute unless the variables meet the data types set in the stored procedure. It has other added benefits potentially.

Incidentally, I have never heard of using -T for taint checking. What is that about?
661249 661249