Talking off Sql Injection ... just read this interesting piece about MSSQL injection, one of the posts actually show how this was done by hackers. http://www.f-secure.com/weblog/archives/00001427.html and decoded hack on http://forums.iis.net/t/1148917.aspx?PageIndex=1 (you may have to scroll down). Raj