>This looks like a generic class to me. Which, if it's the case, a developer could create a form accepting input and feed it to the routine improperly.
>
>Seeing code like that raises a red flag with me, that's all.
OK, I see. What would you recommend in the case of a SQLExec() which would execute a SQL based on parameterized values in order to avoid such a situation?