Speeding up query
From: John Ryan, Captain-Cooker Appreciation Society, Taumata Whakatangi ..., New Zealand (15/05/2008 05:22:09)
To: Chris Ross, Lothian Valuation Joint Board, Edinburgh, United Kingdom (15/05/2008 04:17:15)
Forum: Visual FoxPro
Category: Databases, Tables, Views, Indexing and SQL syntax; Miscellaneous
Thread ID: 01317018
Message ID: 01317236
I can't use '=' instead of '==' as I need an exact match on the street_ref i.e. I may have a street_ref of A123 and another of A123AB?

= should be fine comparing 2 variables/fields of equal lengths.

Also, how is your &lcSQL built? Is it string concatenation using parameters supplied by a user? If so, your app is exposed to "SQL Injection" unless you parameterize the WHERE clauses.

Example:
lcSQL=[field1="]+lcUserentry1+[" and cUser=lcUser]
Say the cUser is to ensure that a user can see only their own records. Looks OK- but what if the user enters

?" or field1>"" or field1="? into the entry field.

This will give you a lcSQL of
lcSQL=[field1="" or field1>"" or field1="" and cUser=lcUser]
Now this person is able to see all the records because AND takes precedence over OR.

To avoid this, use parameters.
lcSQL=[field1=?lcUserentry1 and cUser=lcUser]
Now it doesn't matter what the user puts into lcUserentry1.

It may not matter in this particular case for you but it's a good practice always to build injection-proof code. If you're already doing this, please excuse the reminder!
"... They ne'er cared for us
yet: suffer us to famish, and their store-houses
crammed with grain; make edicts for usury, to
support usurers; repeal daily any wholesome act
established against the rich, and provide more
piercing statutes daily, to chain up and restrain
the poor. If the wars eat us not up, they will; and
there's all the love they bear us.
"
-- Shakespeare: Coriolanus, Act 1, scene 1
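The injection John describes, reproduced as an added example that is not part of the original post. It adapts the two VFP WHERE-clause builders to Python and an in-memory SQLite table (constructed sample rows, not real data), so SQLite's single-quoted string literals replace VFP's double quotes and the payload becomes the single-quote equivalent of John's `" or field1>"" or field1="`. In the hardened version both values are bound as parameters; in the post only the user entry is a parameter and cUser is a VFP variable, but the principle is the same. Column and table names are assumptions.

```python
import sqlite3

# Constructed sample rows (field1 = street_ref-style key, cUser = owner of the record).
ROWS = [
    ("A123", "chris"),
    ("A123AB", "chris"),
    ("B777", "john"),
    ("C001", "john"),
]

# Single-quote version of the entry John shows: " or field1>"" or field1="
PAYLOAD = "' or field1>'' or field1='"


def make_db():
    """Fresh in-memory table so each query runs against known data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE streets (field1 TEXT, cUser TEXT)")
    conn.executemany("INSERT INTO streets VALUES (?, ?)", ROWS)
    return conn


def query_concatenated(conn, user_entry, current_user):
    """Mirrors lcSQL=[field1="]+lcUserentry1+[" and cUser=lcUser]:
    the user's text is spliced straight into the SQL string."""
    sql = (
        "SELECT field1, cUser FROM streets WHERE field1='"
        + user_entry
        + "' and cUser='"
        + current_user
        + "'"
    )
    return conn.execute(sql).fetchall()


def query_parameterized(conn, user_entry, current_user):
    """Mirrors lcSQL=[field1=?lcUserentry1 and cUser=lcUser]:
    placeholders in the SQL, values bound separately by the driver."""
    sql = "SELECT field1, cUser FROM streets WHERE field1=? and cUser=?"
    return conn.execute(sql, (user_entry, current_user)).fetchall()


def demo():
    """Run both builders with a normal entry and with the payload."""
    conn = make_db()
    return {
        # Exact match on field1: A123 does not pull in A123AB.
        "normal_concat": query_concatenated(conn, "A123", "chris"),
        "normal_param": query_parameterized(conn, "A123", "chris"),
        # Concatenation: the clause becomes
        #   field1='' or field1>'' or field1='' and cUser='chris'
        # AND binds tighter than OR, so field1>'' alone matches every row.
        "injected_concat_rows": len(query_concatenated(conn, PAYLOAD, "chris")),
        # Parameters: the payload is compared literally against field1, no row has it.
        "injected_param_rows": len(query_parameterized(conn, PAYLOAD, "chris")),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

With the concatenated clause the payload returns all four rows, including john's, even though the cUser test is still present in the SQL; with the parameterized clause the same payload returns nothing, because the driver never lets the bound value change the shape of the statement.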