May just be that you are not escaping the input and are encountering a SQL injection error. Not sure which database extension you're using, but if it supports prepared statements with bound...