Sorry but i didnt see any SQL injection with your example. I tried all ways and did not get any result or error from SQL server. Could you please show me injection that you found. and vulnerable codes in misc.php Regards, Mustafa Can Bjorn IPEKCI