>>>this is my SPT string. My trouble is some querys have more than one opstc with a value of say 20. I would like to get the one with the largest opseq when that happens. Both of these fields are in the amflib6.morout table.
>>>
>>>

>>>pdm.sqlmo = "Select amflib6.momast.ordno, fitem, fdesc, citem, isqty, ostat, opstc, wkctr, opseq From amflib6.momast" +
>>>" Join amflib6.modata On amflib6.modata.ordno = amflib6.momast.ordno" +
>>>" Join amflib6.morout On amflib6.morout.ordno = amflib6.momast.ordno" +
>>>" Where fitem = '" + arg1.trim().toUpperCase() +
>>>"'And (opstc = '20' Or opstc = '30') And isqty > 0 And ostat < 45";
>>>

>>
>>You are in big danger here, because you are open for SQL Injections,
>>What if you have this in arg1.Value:
>>
>>';SELECT * FROM amflib6.momast --
>>You end up with this:
>>
>>
>>

>>Select amflib6.momast.ordno, fitem, fdesc, citem, isqty, ostat, opstc, wkctr, opseq
>>       From amflib6.momast
>>Join amflib6.modata On amflib6.modata.ordno = amflib6.momast.ordno
>>Join amflib6.morout On amflib6.morout.ordno = amflib6.momast.ordno
>>Where fitem = ''; SELECT * FROM amflib6.momast--'And (opstc = '20' Or opstc = '30') And isqty > 0 And ostat < 45";
>>

>>
>>To your question, you can do this in your where clause IF there is only one field you must check, but joining derived table (as Naomi suggests) is usually faster.
>
>Great catch, Boris! We need to convert this to parameterized query instead.

Sure Steven should use parameters.
BTW isn't Steven use .NET?
Why the question is in VFP forum? :-)
I assume this just because of this: arg1.trim().toUpperCase() :-)
If it was UPPER(ALLTRIM(arg1)) :-) ...