How to pass a variable to SQL statement.
Message
From
03/02/2008 11:44:28
General information
Forum:
Visual FoxPro
Category:
Problems
Miscellaneous
Thread ID:
01287831
Message ID:
01288715
Views:
16
>>Not simple at all. If I have a simple data entry form that allows edits and that form has say 20 fields bound to text boxes, and the user can edit and then save, imagine writing an update statement parameterizing all those fields that have changed. Besides, in the case you mention, you would not be able to bind the fields, no Views or Cursor Adapters. You would have to develop a class that would build your Update statement.
>>
>>I can understand doing this on a web site, but I have never heard this about applications. I have developed many Web Services and have always parameterised my SQL statements but never for in-house applications. That is going overboard IMHO. No thank you.
>
>Who would stop your users from typing
>
>Name AND 1=1 in the First Name box?

Look, I understand the concept.

So if you really want to, please tell me how this is done when using Cursor Adapters or Views bound to the form controls. Or do I throw out views, CA's and bound controls?

Also, how many of your applications have every update/insert statement parameterised?

To be precise in this thread, unless the Combo box has Style = 0 you cannot possibly inject anything anyway.
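
The quoted message describes a class that builds an UPDATE statement for only the fields that changed. A sketch of that builder follows, as an added example that is not part of the thread: Python with sqlite3 stands in for the Visual FoxPro back end, and the `customer` table, its columns and the `build_update` helper are hypothetical.

```python
import sqlite3

# Hypothetical whitelist: the columns the data entry form is allowed to edit.
ALLOWED_COLUMNS = {"first_name", "last_name", "city"}

def build_update(table, key_col, key_val, original, edited):
    """Return (sql, params) updating only the columns whose value changed.

    table and key_col are fixed by the calling code, never by the user.
    Column names are checked against a whitelist (identifiers cannot be
    bound); every value travels as a bound parameter, never as SQL text.
    """
    changed = {c: v for c, v in edited.items() if original.get(c) != v}
    unknown = set(changed) - ALLOWED_COLUMNS
    if unknown:
        raise ValueError(f"unexpected column(s): {sorted(unknown)}")
    if not changed:
        return None, ()  # nothing to save
    assignments = ", ".join(f"{c} = ?" for c in changed)
    sql = f"UPDATE {table} SET {assignments} WHERE {key_col} = ?"
    return sql, (*changed.values(), key_val)

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, "
               "first_name TEXT, last_name TEXT, city TEXT)")
    db.executemany("INSERT INTO customer VALUES (?, ?, ?, ?)",
                   [(1, "Ann", "Lee", "Oslo"), (2, "Bob", "Ray", "Rome")])
    original = {"first_name": "Ann", "last_name": "Lee", "city": "Oslo"}
    # Constructed form input: the First Name box holds the text from the thread.
    edited = dict(original, first_name="Name AND 1=1")
    sql, params = build_update("customer", "id", 1, original, edited)
    db.execute(sql, params)
    rows = db.execute("SELECT id, first_name FROM customer ORDER BY id").fetchall()
    return sql, rows

if __name__ == "__main__":
    print(demo())
```

The typed text is stored as data in row 1 only, and the statement text never contains a user-supplied value.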