Don't do it this way at all. It's a good way (or bad way) to allow SQL Injection. Use parameters for your variables. Here's how to do it with stored procs.
https://www.levelextreme.com/ViewPageArticle.aspx?ID=772
>I would like to have some help to create a more streamlined SQL statement.
>
>My current statement:
>
>
>
>String where = " Where pinbr Like " + lookupString + " And posstr(pinbr, 'DEV') < 1 And posstr(pinbr, 'DYN') < 1 And posstr(pinbr, 'ST') < 1 And posstr(pinbr, 'CDR') < 1";
>
>"Select pinbr, cinbr, ITDSC, qtypr From amflib1.pstdtl" +;
>" Join amflib1.itment" +;
>" On amflib1.pstdtl.cinbr = amflib1.itment.itnbr" +;
>where
>
>
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer
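
An added example, not part of the original post or the linked article: the quoted statement with `lookupString` bound as a parameter, using an inline parameterized command rather than a stored procedure. It assumes an ODBC connection (`System.Data.Odbc`, positional `?` marker) and that `lookupString` holds the bare LIKE pattern without surrounding quotes; the class, method and parameter names are hypothetical.

```csharp
using System.Data;
using System.Data.Odbc;

static class PartLookup // hypothetical name, for illustration only
{
    // The SQL text is a constant. The only variable part is the "?" marker,
    // so user input can never change the shape of the statement.
    const string Sql =
        "Select pinbr, cinbr, ITDSC, qtypr From amflib1.pstdtl" +
        " Join amflib1.itment" +
        " On amflib1.pstdtl.cinbr = amflib1.itment.itnbr" +
        " Where pinbr Like ?" +
        " And posstr(pinbr, 'DEV') < 1 And posstr(pinbr, 'DYN') < 1" +
        " And posstr(pinbr, 'ST') < 1 And posstr(pinbr, 'CDR') < 1";

    // lookupString is assumed to be the LIKE pattern itself (for example "AB%"),
    // with no quotes added by the caller.
    public static DataTable Find(string connectionString, string lookupString)
    {
        using (var conn = new OdbcConnection(connectionString))
        using (var cmd = new OdbcCommand(Sql, conn))
        {
            // The value travels to the server separately from the SQL text.
            // Quotes, semicolons or keywords inside it are compared as data.
            // ODBC binds by position; the parameter name is only a label.
            cmd.Parameters.Add("@pinbr", OdbcType.VarChar).Value = lookupString;

            var table = new DataTable();
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
            return table;
        }
    }
}
```

With a provider that uses named markers, only the marker text and the parameter class change; the statement stays constant and the value is still bound, never concatenated.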