So, you limit the data they can put into that field. I also didn't say an SP was your only defense, only the first line of defense.
>If a user typed < script > in the field using stored procedures would not help.
>
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer