>m.lcParameter = "something to be injected"
>
>Here I add the parameter to the string:
>lcSQL = "select * from table where field = ?lcParameter"
>
>vs
>
>Here I add the parameter value to the string:
>lcSQL = "select * from table where field = ' " + m.lcParameter + "'"
>
>The difference is obvious.
Why you're showing VFP sample? Also, I know that, are you explaining it for Brandon?
If it's not broken, fix it until it is.
My Blog