do be careful of SQL injection if you are concatenating strings. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4026348#4026348 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4026348