Actually, I found that it doesn't matter if an SQL query is there or not. Example: http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20* Something like: http://www.example.com/viewtopic.php?t=12345&highlight=bug,* does not work however. There doesn't _appear_ to be any exploit here, though granted I did not check this a great deal. -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ .