>With SQL server (if that is the database in question) somone could inject extra SQL statements where you concatenate your SQL string...
>
>SQL server can process multiple sql statements in a batch. For instance they could enter SELECT * from users or some other statement in the username property you are using and SQL will run another query.
>
>Here's a more detailed article on SQL injection
>
>
http://www.4guysfromrolla.com/webtech/061902-1.shtml>
>You can also google "SQL injection" to find a number of articles on the subject.
Only within code this method can be accessed. So, we control that environment. Unless I am missing something here, I don't see any situation where someone could cause problem in here. Unless such environment would be in a place where one developper would have bad intentions. I have used this approach on numerous VFP projects as well. Only within code such methods can be accessed, thus within EXE or DLL.