Help working around single quote in string
General information
Forum: Microsoft SQL Server
Category: SQL syntax
Environment versions
SQL Server: SQL Server 2000
Miscellaneous
Thread ID: 01454787
Message ID: 01454820
Views: 37
Kirk,

Appending strings the way you do is an incorrect way of handling this problem; it is very open to SQL injection attacks. You need to use parameters instead.

Also, take a look at the QuoteName function.

>I have a small issue when a user adds a single quote (') mark within the string. It doesn't happen real often, but once or twice a month, and the update fails on the SQL Server side.
>
>Example:
>lcUpdateString=[DC'd and intact]
>
>I think I could write a routine that could be called and loop through the string, looking for the ' and putting it inside a set of double quotes. My questions:
>
>1. Would that work?
>2. Would it affect the VFP code below?
>3. Is there an easy way to do that type of code?
>
>
>VFP Code:
>
>lcCmd=[Update dbo.co_Pat_IVTable set ]+lcUpdateTextColumn+[=']+lcUpdateString+[', ]+lcUpdateIDColumn+[= ']+lcNewValues+[']
>lcCmd=lcCmd+[ where RecordID=?lnUpdateID]
>
>
>
>
>Thanks for your thoughts, insights, suggestions
>
>Kirk
If it's not broken, fix it until it is.
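As an added example (not code from this thread or from VFP), the following Python block puts the string-splicing pattern from Kirk's `lcCmd` beside a parameterized version. It runs against an in-memory SQLite table that stands in for `dbo.co_Pat_IVTable`; the table, its `Notes` and `Status` columns, the sample row and the payload strings are all constructed assumptions. It shows the two failure modes of splicing a value into the statement text: the apostrophe that breaks the statement (the once-or-twice-a-month failure), and a crafted value that silently rewrites a second column (the injection the reply warns about). Bound parameters treat both as plain data, and the column name, which cannot be a parameter, is checked against a whitelist.

```python
import sqlite3

# Constructed stand-in for dbo.co_Pat_IVTable (SQLite in memory, not SQL Server).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE co_Pat_IVTable "
        "(RecordID INTEGER PRIMARY KEY, Notes TEXT, Status TEXT)"
    )
    con.execute("INSERT INTO co_Pat_IVTable VALUES (1, 'pending', 'open')")
    con.commit()
    return con


def update_concat(con, column, value, record_id):
    """The original pattern: the user's value is spliced into the SQL text."""
    sql = ("UPDATE co_Pat_IVTable SET " + column + "='" + value
           + "' WHERE RecordID=" + str(record_id))
    con.execute(sql)
    con.commit()


# Column names cannot be bound as parameters, so they are restricted to a
# fixed set instead of being trusted from the caller (assumed column list).
ALLOWED_COLUMNS = {"Notes", "Status"}


def column_allowed(column):
    return column in ALLOWED_COLUMNS


def update_param(con, column, value, record_id):
    """Hardened form: value and id are bound parameters, column is whitelisted."""
    if not column_allowed(column):
        raise ValueError(f"column not allowed: {column!r}")
    # Double quotes delimit an identifier in SQLite; T-SQL uses [brackets],
    # which is what QUOTENAME() produces.
    sql = f'UPDATE co_Pat_IVTable SET "{column}"=? WHERE RecordID=?'
    con.execute(sql, (value, record_id))
    con.commit()


def read_row(con, record_id):
    return con.execute(
        "SELECT Notes, Status FROM co_Pat_IVTable WHERE RecordID=?", (record_id,)
    ).fetchone()


def demo():
    results = {}

    con = make_db()
    # 1. The symptom from the post: an apostrophe ends the literal early.
    try:
        update_concat(con, "Notes", "DC'd and intact", 1)
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"

    # 2. The same splicing lets a value rewrite the statement: Status changes
    #    although only Notes was meant to be updated.
    update_concat(con, "Notes", "x', Status='closed", 1)
    results["concat_injected_status"] = read_row(con, 1)[1]

    # 3. Parameterized: both strings are stored verbatim, Status is untouched.
    con = make_db()
    update_param(con, "Notes", "DC'd and intact", 1)
    update_param(con, "Notes", "x', Status='closed", 1)
    notes, status = read_row(con, 1)
    results["param_notes"] = notes
    results["param_status"] = status
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In VFP the equivalent is SQL pass-through with `?` placeholders, which the posted code already uses for `lnUpdateID` in the `WHERE` clause; the same `?lcUpdateString` form binds the text value so no quoting routine is needed. `QUOTENAME()` in T-SQL is the right tool for the identifier part (`lcUpdateTextColumn`), not for the free-text value: its input is `sysname`, so anything longer than 128 characters returns NULL.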