Copying Dbf to SQL
Message
General information
Forum: Visual FoxPro
Category: Coding, syntax and commands
Miscellaneous
Thread ID: 01555166
Message ID: 01555488
Views: 112
No, no, no!!!! :-)

Seriously, do as Dmitry suggests. NEVER EVER create manual sql strings as you are seriously exposing yourself to SQL Injection attacks.

VFP makes it very easy to pass parameters into SQL statements with SQL Passthrough that avoid the whole tricky business of parsing strings properly.
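* Values that would break a hand-built SQL string
lcName = "Some Name that includes, and ' and CRLF " + CHR(13) + CHR(10) + " and much more."
lcCompany = "Clueless Inc."
* lnHandle is an open SQL Passthrough connection handle; ?var binds the variable as a parameter
lnResult = SQLEXEC(lnHandle, "INSERT INTO Customer (Name,Company) VALUES (?lcName,?lcCompany)")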
+++ Rick ---

>I have a lot of Character fields that I am updating onto Sql Server.
>I have written a .prg to do this, using a SqlExec as in
> nResult = SQLEXEC(lnHandle,lcInsert)
>and the Insert includes all the fields just strung together
>(Insert into MyTable (Fld1,fld2,fld3) Values 'aaaaa','bbbbbb','ccccc')
>
>Working for the most part.
>I have a lot of Single quotes in the Columns so I do a Replace MyField with Strtran(Myfield,"'", "''")
> (Replace a Single Quote with a double quote, otherwise SQL command goes mad)
>
>This works for the most part, unless for instance there are lots of Single Quotes (or a single quote as the very last character in the field), in which case the data gets truncated, sometimes ending up with a single quote anyway and an error
>
>Is there a more elegant/better way to do this (if I was using .Net, I'd use Parameters but don't think I can do this in .prg)
> so as to overcome this single quote problem
>
>Tia
>Gerard
+++ Rick ---

West Wind Technologies
Maui, Hawaii

west-wind.com/
West Wind Message Board
Rick's Web Log
Markdown Monster
---
Making waves on the Web

Where do you want to surf today?
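
The copy loop from the question, written with the parameterized SQL Passthrough form recommended in the reply. This is an added example, not code posted in the thread; the table MyDbf, its character fields Fld1 to Fld3, the target table MyTable and the connection string are assumptions.

```foxpro
* Added example (not from the thread). Assumed names: MyDbf.dbf with character
* fields Fld1..Fld3, SQL Server table MyTable, and the connection string below.
LOCAL lnHandle, lnResult, lnRows, lcFld1, lcFld2, lcFld3
LOCAL ARRAY laErr[1]

lnHandle = SQLSTRINGCONNECT("Driver={SQL Server};Server=MYSERVER;" + ;
   "Database=MyDb;Trusted_Connection=Yes")
IF lnHandle < 1
   AERROR(laErr)
   ? "Connect failed: " + laErr[2]
   RETURN .F.
ENDIF

* Manual transactions (2): the copy is committed as a whole or not at all.
SQLSETPROP(lnHandle, "Transactions", 2)

USE MyDbf IN 0 SHARED
SELECT MyDbf
lnResult = 1
lnRows = 0
SCAN
   * DBF character fields are space padded, so trim before sending.
   * The values travel as bound parameters: quotes, CR/LF and a trailing
   * apostrophe need no STRTRAN() doubling and cannot alter the statement.
   lcFld1 = RTRIM(MyDbf.Fld1)
   lcFld2 = RTRIM(MyDbf.Fld2)
   lcFld3 = RTRIM(MyDbf.Fld3)
   lnResult = SQLEXEC(lnHandle, ;
      "INSERT INTO MyTable (Fld1, Fld2, Fld3) VALUES (?lcFld1, ?lcFld2, ?lcFld3)")
   IF lnResult < 0
      AERROR(laErr)
      ? "Insert failed at record " + TRANSFORM(RECNO()) + ": " + laErr[2]
      SQLROLLBACK(lnHandle)
      EXIT
   ENDIF
   lnRows = lnRows + 1
ENDSCAN

IF lnResult >= 0
   SQLCOMMIT(lnHandle)
   ? TRANSFORM(lnRows) + " rows copied"
ENDIF
USE IN MyDbf
SQLDISCONNECT(lnHandle)
RETURN lnResult >= 0
```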