>>No, VFP always checks inside the exe/app first. Btw, your solution sounds like a perfect description of how NOT to do things since a user can easily do anything with the data....! Have you ever heard of SQL injection?
>>
>>>I have an app that includes a reporting module; this runs "external" queries and reports - that is, they are not compiled into my app. So for example my reporting module might call c:\localQueries\query1.prg to generate a cursor and then c:\localReports\report1.frx to report on the data. If my compiled app also includes a prg called "query1", at run time this gets called in preference to the external query - despite me calling the external prg with a fully qualified path name. Is there some way to avoid this - other than making sure the external queries are all named differently to any prgs compiled into the app.
>>>
>>>Thanks in advance
>>>Barry Sutton
>
>Hi Tore
>
>SQL Injection is only possible when a database server is executing queries. It also requires an inexperienced programmer to construct SQL by concatenating user values into the command string to be executed, instead of sending user values as parameters.
It's also possible against DBFs.