>>Then we better do this ourselves - not only that VFP has to pass the parameters in some acceptable form (I assume there must be some conversion, at least for some data types), but I assume ODBC has to run some conversion of them into strings - which I somehow can't see as the fastest software in the world. I remember the earlier versions of ODBC drivers weren't exactly fast.
>
>If you don't pass them as parameters you are begging for a SQL Injection attack.
What I mean is
TEXT TO lcSql NOSHOW TEXTMERGE
DECLARE @var1 int
SELECT @var1=<<value1>>
SELECT * FROM ... WHERE field1=@var1
ENDTEXT
sqlexec(lcSql, ...)
IOW, we can do the same, directly. I think that's what df had in mind, and what came to my mind after our last chat about this.
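
Added example, not part of the thread and not the posters' code: it contrasts merging a value into the statement text (as TEXTMERGE does with <<value1>>) with passing it as a bound parameter. Assumptions: an in-memory SQLite database stands in for the ODBC back end, the table `orders` and column `note` are constructed sample data, and a CTE plays the role of DECLARE @var1 / SELECT @var1=...

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (field1 INTEGER, note TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return db

# The CTE mirrors "assign the value to a variable, then filter on the variable".
MERGED = ("WITH v(var1) AS (SELECT {value}) "
          "SELECT note FROM orders, v WHERE field1 = v.var1 ORDER BY note")
BOUND = MERGED.format(value="?")  # same statement, value slot is a placeholder

def query_merged(db, value):
    # Text merge: the value becomes part of the SQL text and is parsed as SQL,
    # so the intermediate variable does not constrain what it can contain.
    return [row[0] for row in db.execute(MERGED.format(value=value))]

def query_merged_typed(db, value):
    # If merging cannot be avoided, force the value to a number first.
    # int() raises ValueError for anything that is not a plain integer.
    return query_merged(db, int(value))

def query_bound(db, value):
    # Parameter binding: the statement text is fixed, the value travels as data.
    return [row[0] for row in db.execute(BOUND, (value,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 UNION SELECT 2 UNION SELECT 3"  # constructed input
    print("merged, plain value  :", query_merged(db, "2"))
    print("merged, crafted value:", query_merged(db, crafted))
    print("bound, crafted value :", query_bound(db, crafted))
    try:
        query_merged_typed(db, crafted)
    except ValueError as exc:
        print("typed merge rejected :", exc)
```
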