Goulet, Dick wrote: >Jon, > > Yes that is a concern. In our case data that goes into a table >is only data to be passed to the procedure, not part of an execute >immediate.=20 > > Oracle 10g has regular expressions, which can reduce the likelihood of someone entering misformed SQL command and executing it on behalf of the server. -- Mladen Gogala Oracle DBA Ext. 121 -- //www.freelists.org/webpage/oracle-l