Thank you for all the hints about the security issues with using the param call. I will replace those calls with accessing the parameters/params hash instead, which should solve the list context issues in the hash that my example was suffering from. Marius K.