>>this is my SPT string. My trouble is some querys have more than one opstc with a value of say 20. I would like to get the one with the largest opseq when that happens. Both of these fields are in the amflib6.morout table.
>>
>>

>>pdm.sqlmo = "Select amflib6.momast.ordno, fitem, fdesc, citem, isqty, ostat, opstc, wkctr, opseq From amflib6.momast" +
>>" Join amflib6.modata On amflib6.modata.ordno = amflib6.momast.ordno" +
>>" Join amflib6.morout On amflib6.morout.ordno = amflib6.momast.ordno" +
>>" Where fitem = '" + arg1.trim().toUpperCase() +
>>"'And (opstc = '20' Or opstc = '30') And isqty > 0 And ostat < 45";
>>

>
>You are in big danger here, because you are open for SQL Injections,
>What if you have this in arg1.Value:
>
>';SELECT * FROM amflib6.momast --
>You end up with this:
>
>
>

>Select amflib6.momast.ordno, fitem, fdesc, citem, isqty, ostat, opstc, wkctr, opseq
>       From amflib6.momast
>Join amflib6.modata On amflib6.modata.ordno = amflib6.momast.ordno
>Join amflib6.morout On amflib6.morout.ordno = amflib6.momast.ordno
>Where fitem = ''; SELECT * FROM amflib6.momast--'And (opstc = '20' Or opstc = '30') And isqty > 0 And ostat < 45";
>

>
>To your question, you can do this in your where clause IF there is only one field you must check, but joining derived table (as Naomi suggests) is usually faster.

Great catch, Boris! We need to convert this to parameterized query instead.