>>m.lcParameter = "something to be injected"
>>
>>Here I add the parameter to the string:
>>lcSQL = "select * from table where field = ?lcParameter"
>>
>>vs
>>
>>Here I add the parameter value to the string:
>>lcSQL = "select * from table where field = ' " + m.lcParameter + "'"
>>
>>The difference is obvious.
>
>Why you're showing VFP sample? Also, I know that, are you explaining it for Brandon?

Naomi

Don't be dense. I don't want to get into an argument with you, because you might steal my password and break into my account - as you did to Andy Kramek - and who knows what mischief you'll do then.

I originally replied to Brandon, not you, because IMO your statement was unclear. You protested that your phrasing was clear. Obviously you did not appreciate the difference between your phrasing and mine. I provided an example to you because you asked. The language I use to provide the example is irrelevant, as long as you and I understand it so the distinction can be made.