>>>Your current code is a prime target for SQL injection attacks. Concatenating strings to build a SQL statement from anything coming from user-input fields is a big no-no. Use SQL parameters for that kind of thing.
>>>
>>
>>After speaking with my colleague, it looks like I have to abandon this idea for now. It's too complicated to change.
>
>
http://xkcd.com/327/ :)
Well, since we're splitting words, it's not that critical, e.g. we're going to search by "Drop", "table", "students"...
If it's not broken, fix it until it is.
My Blog
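To show what the first reply means by "use SQL parameters", here is an added example (not code from any poster in this thread) of a word-splitting search written both ways against a constructed in-memory SQLite table; the table, the column name and the `search_*` function names are assumptions for illustration. Splitting on whitespace does not neutralise quotes: a single space-free word still lands inside the SQL literal, so a legitimate name like O'Brien breaks the concatenated version, while the bound-parameter version handles any word as plain data.

```python
import sqlite3

# Constructed sample data; stands in for whatever "students" table the thread searches.
STUDENTS = [("Alice Smith",), ("Bobby Tables",), ("Conor O'Brien",)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT)")
    conn.executemany("INSERT INTO students VALUES (?)", STUDENTS)
    return conn


def search_concat(conn, query):
    """Vulnerable form: each word is spliced into the SQL text."""
    words = query.split()
    if not words:
        return []
    clauses = " AND ".join("name LIKE '%" + w + "%'" for w in words)
    return [r[0] for r in conn.execute("SELECT name FROM students WHERE " + clauses)]


def search_param(conn, query):
    """Hardened form: the SQL text is fixed, every word travels as a bound parameter."""
    words = query.split()
    if not words:
        return []
    sql = "SELECT name FROM students WHERE " + " AND ".join("name LIKE ?" for _ in words)
    return [r[0] for r in conn.execute(sql, ["%" + w + "%" for w in words])]


def concat_rejects(conn, query):
    """True when the concatenated query does not even parse for this input."""
    try:
        search_concat(conn, query)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print(search_param(db, "Bobby Tables"))      # ['Bobby Tables']
    print(search_param(db, "O'Brien"))           # ["Conor O'Brien"]
    print(concat_rejects(db, "O'Brien"))         # True: the apostrophe ends the literal early
    # A single space-free word is enough to change the concatenated query's logic,
    # which is why word-splitting is no substitute for parameters.
    print(len(search_concat(db, "%'OR'1'='1'--")))  # 3: every row comes back
    print(search_param(db, "%'OR'1'='1'--"))        # []: treated as literal text
```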