well actually there's no sql injection in the wordpress search module. i think it's important to mention this .. this is a simple error sql . and by the way it works with : + too ;) regards laurent gaffié