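# Didn't answer the question, but really cool:
#   $sql = sprintf "select * from table where %s", join " and",
#       map { "location='$_'" } @{$IN{location}};
# Also:
#   print "$_ = ", join(";", $q->param($_)), $/ for $q->param();
#
# NOTE(review): the sprintf/map one-liner above writes request values
# directly into the SQL text. It is kept for the list-building idiom only;
# the code below keeps values out of the statement by using placeholders.

use strict;
use warnings;
use CGI;    # don't need :cgi if using OO

# Build an "AND ( location = ? OR ... )" fragment from the submitted CGI
# parameters, collecting the matching values separately as bind values.
my $cgi = CGI->new;      # direct method call instead of indirect "new CGI"
my %IN  = $cgi->Vars;    # %IN = (param1 => value1, param2 => value2, etc..);

my @terms;    # one "location = ?" per accepted value
my @binds;    # the values, in the same order as the placeholders

# As in the original, every submitted parameter's value is treated as a
# location. Keys are sorted so the generated fragment is deterministic.
for my $key (sort keys %IN) {
    my $value = $IN{$key};

    next if !defined $value || $value eq "";

    # Allowlist check: whole value must be ASCII letters/digits. A
    # multi-valued parameter reaches Vars() as one "\0"-joined string and is
    # therefore rejected here, exactly as the original negated-class test did.
    die "some message" if $value !~ /\A[A-Za-z0-9]+\z/;

    push @terms, "location = ?";
    push @binds, $value;
}

# Join the terms with OR (the original concatenated them with no operator
# between iterations and repeated each comparison twice), and emit nothing
# rather than an invalid "AND ()" when no parameter was supplied.
my $where = @terms ? "AND (" . join(" OR ", @terms) . ")" : "";

# Append $where to the statement text and hand @binds to the database
# driver, e.g. $sth->execute(@binds), so data never becomes SQL syntax.
print "$where\n";
print "bind values: @binds\n";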