Joel,

I only use SqlExec to talk to SQL Server with wwSql or wwBusiness as a front end to help with some of this stuff. wwSql is just a tiny wrapper around SqlExec but with an object interface that handles a few common use cases like error trapping, connection error retries etc.

Realistically you should never hard code values but always send parameters in sql statements. Otherwise you're real susceptible to SQL injection if you ever get any of this code onto the Web. If you use SQL parameters the encoding is taken care of for you as well.

lcChars = "!?'quoted text'"
Sql.Execute(loSql.nSqlHandle, "select * from blah where name=?lcChars")

will work just fine.

+++ Rick ---

>I'm starting to understand what you're saying. I didn't realize SQLExec would ignore the ? inside quotes. As far as I can tell, this will work without prompting for a parameter value:
>

>lcCmd = "-- command containing ? interpreted as parameter"
>? SQLExec(lnHandle, [execute sp_executesql N'] + lcCmd + ['])
>

>
>This now shifts my problem from questions marks to single quotes inside the command, but at least I can escape those with two single quotes. I would never use ADO recordsets over VFP cursors, but for sending script commands to SQL Server, it seems to work well enough. Since I've already got this written, do you know of any pitfalls/problems or other reasons I should prefer to use SQLExec over ADO for this purpose?
>
>Thanks.
>
>>Not sure why that wouldn't work. ODBC should ignore anything that is in quotes. This works for me:
>>
>>

>>? SqlExec(o.nsqlHandle,[select * from wws_customers where LastName = '?name'])
>>

>>
>>which would be roughly the same thing as you're doing. It'll return no data (since it doesn't match) but it returns 1 which is a successful response.
>>
>>+++ Rick ---
>>
>>>Hi Rick,
>>>
>>>>>>I am working on a script to create a database in SQL Server 2008. The script includes the creation of UDFs, and at least one of those contains a "?" in the UDF. Since SQLDMO is apparently gone, I am working on using SQLExec() to execute the script. The problem is that SQLExec() is interpreting the "?" as a parameter (and prompting for a value) when it is not. Is there anyway to tell SQLExec() to ignore anything it interprets as a parameter?
>>>>
>>>>What does the actual line of code you're trying to generate look like? Where is the question mark?
>>>>
>>>>It should work within a string constant and using Execute using the indirect expression stored proc I mentioned previously. Give me a reproducable example of what doesn't work.
>>>>
>>>
>>>Here is a reply I posted previously to someone else in this thread:
>>>
>>>Parameters are preceded by a ? in remote SQL statements. For example
>>>

>>>SQLExec(lnConnection, "Select * from MyTable where MyField = ?MyParameter")
>>>

>>>If MyParameter variable is not defined, VFP will pop up a dialog asking for the value. Here is a line of code from a script that creates a UDF in SQL Server:
>>>

>>>-- select dbo.GETOCCURSWORD(@lcString,  'Canada', ' ,.!?', default)  --  Displays 4
>>>

>>>When I send the script with SQLExec(), VFP pops up a dialog with Enter the value for ', default) -- Displays 4. It is interpreting the ? as a parameter. I'm asking if there is a way to turn off that behavior.