cmd = "SELECT TOP(200) bol_number, pro_number, client_city, client_state, client_zip, customer_city, customer_state, customer_zip, ship_date FROM " + THESQLTABLE + "WHERE " + fdPrNo + "=pro_number">
fdPrNo = ALLTRIM(UPPER(Request.Form("PRNO")))>
text to cmd textmerge noshow select top (200) bol_number, pro_number, client_city, client_state, client_zip, customer_city, customer_state, customer_zip, ship_date FROM <<TheSQLTable>> WHERE pro_Number = ?m.fdPrNo endtextThis way you will use parameters in your command.