>Not simple at all. If I have a simple data entry form that allows edits and that form has say 20 fields bound to text boxes, and the user can edit and then save, imagine writing an update statement parametizing all those fields that have changed. Besides in the case you mention, you would not be able to bind the fields, no Views or Cursor Adapters. You would have to develop a class that would build your Update statement.
>
>I can understand doing this on a web site, but I have never heard this about applications. I have developed many Web Services and have always parametised my SQL statements but never for in house applications. That is going overboard IMHO. No thank you.

Who would stop your users from typing

Name AND 1=1 in the First Name box?