Hi, After getting suggestions recently about my little database. Someone suggestion I look into creating a class for my database and using functions within the class to insert and get data. This has been great and I can definately see the advantages to it. The only thing thats baffling me is the correct way to clean the query im sending to it. To give you an example, If I want to search for a name using a form then i might have a line like this... $customer = $_POST['customername']; $where = "customername = '.$customer; $result = dbobject->pullData($where); i know i can sanitize the $_POST data using mysql_real_escape_string() but this only works when the database link is open which only happens when you call pullData() and obviously I cant sanitize the $where string as this may be made up of a complex query. I hope im making sense! I should explain Im very new to the concept of classes etc so some friendly pointers would be greatly appreciated!