I'm convinced there is no way in this particular statement, given that the var is in quotes. All you're doing after all is echoing it, which only does one level of interpretation, which in this case is removing the quotes. Of course, some values may be more dangerous for statements further on in the code.

e.g. HTTP_USER_AGENT='`cat /etc/passwd`'

Matt
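The quoting behaviour discussed in the message above, as an added example that is not part of the original post: a quoted expansion leaves backticks as literal text, while a later statement that re-parses the value as shell source runs them. The function names and the harmless `echo INJECTED` marker value are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample value: a harmless command substitution stands in for
# a hostile User-Agent header. Single quotes keep it literal on assignment.
HTTP_USER_AGENT='`echo INJECTED`'

# One level of interpretation: the quoted expansion is not re-parsed,
# so the backticks come out as plain text.
echo_quoted() {
    printf '%s\n' "$HTTP_USER_AGENT"
}

# A later statement that is dangerous: eval parses the expanded value a
# second time, so the backticks become a command substitution.
echo_via_eval() {
    eval "printf '%s\n' \"$HTTP_USER_AGENT\""
}

# Same problem when the value is pasted into a command string for a child shell.
echo_via_sh_c() {
    sh -c "echo \"$HTTP_USER_AGENT\""
}

# Hardened form: hand the value to the child shell as an argument (data),
# never as part of the command text.
echo_via_sh_c_safe() {
    sh -c 'printf "%s\n" "$1"' sh "$HTTP_USER_AGENT"
}

printf 'quoted echo : %s\n' "$(echo_quoted)"
printf 'eval        : %s\n' "$(echo_via_eval)"
printf 'sh -c pasted: %s\n' "$(echo_via_sh_c)"
printf 'sh -c as arg: %s\n' "$(echo_via_sh_c_safe)"
```
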
This archive was generated by hypermail 2b30 : Sat Nov 16 2002 - 17:13:11 PST