I have two arrays which are values for checkboxes and I need to compare them on the next page when they get submited, The first array I created which is the checkbox values that were selected previously: 1st page: <input type='checkbox' name="compare" value="131717"/> <input type='checkbox' name="compare" value="131719"/> Code (markup): 2page.asp?compare=131717&compare=131719 i did try to use this script <% Dim Connection, Recordset Dim sSQL, sConnString, iColumnSpan sSQL="SELECT * FROM news WHERE newsid IN (" & Replace( Request.QueryString("compare"), "'", "''") & ")" sConnString="Provider=SQLOLEDB.1;......." Set connection = Server.CreateObject("ADODB.Connection") Set recordset = Server.CreateObject("ADODB.Recordset") connection.Open sConnString recordset.Open sSQL,connection If Recordset.EOF Then Response.Write("No records returned.") Else Response.write "<table width=""100%"" border=""1"">" %> Code (markup): But i am vulnerable to sql injection using this method. Any Help Thank you