Michel
Be very careful with this type of code. The code you are showing here is a prime candidate for a SQL Injection attack. I would recommend looking into implementing some type of parameter mechanism for this method.
I know this is off topic but I thought I would chime in here.
Thanks
Rodman
Rod Paddock
Editor in Chief CoDe Magazine
President Dash Point Software, Inc.
VP Red Matrix Technologies,Inc.