Some friends of mine have been telling me that some people are piggy-backing sql statements into form submissions to execute rogue sql statements on asp pages. I can certainly check all the fields for semi-colons. Is there a better way? Are there any articles on the Web? What else should I be looking out for? Thanks.