Sqlexec from vfp fails
Message
From: Mike Yearwood, Toronto, Ontario, Canada, 19/05/2016 12:34:55
To: 19/05/2016 11:22:56
General information
Forum: Microsoft SQL Server
Category: SQL syntax
Miscellaneous
Thread ID: 01636625
Message ID: 01636632
Views: 66
>I need to get some data out of SQL Server from my vfp9sp2 app
>I have never done this, btw
>Here is what I got from the SQL guy:
>
>declare @StartDate datetime , @EndDate datetime
>set @StartDate = '4/1/2016' set @EndDate = '4/30/2016'
>
>select a.*
>from BAI.F_Transaction a
>join dbo.D_Date b on ( a.GroupAsOfDate = b.RowID )
>where  ( DTransactionID = 1018 )
>             and
>             ( b.[Date] >= @StartDate and b.[Date] <= @EndDate )
>order by a.GroupAsOfDate desc
>
>
>
>Here is my VFP translation
>
>
>dt1 = DATE(2016,4,1)
>dt2	= GOMONTH(dt1,1)-1
>
>
>lcServer = [OTT-sqlprod]
>
>
>CONNSTR = [Driver={SQL Server};Server=]+lcServer+[;Trusted_connection=Yes;Database=cmdw;]
>
>lnHandle = SQLSTRINGCONNECT( CONNSTR )
>*** returns 1
>
>IF Handle < 1
>	STRTOFILE( "Unable TO CONNECT TO SQL" + CHR(13) + CONNSTR, 16 )
>	RETURN
>ENDIF
>
>
>TEXT TO lcCMD NOSHOW TEXTMERGE
>select a.*
>from BAI.F_Transaction a
>join dbo.D_Date b on ( a.GroupAsOfDate = b.RowID )
>where  ( DTransactionID = 1018 )
>             and
>             ( b.[Date] >= '<<dt1>>' and b.[Date] <= '<<dt2>>' )
>order by a.GroupAsOfDate desc
>ENDTEXT
>
>
>
>lnSuccess returns -1
>
>What am I doing wrong?

You have just made an SQL Injection Attack susceptible piece of code. It's not the hackers that are the problem with SQL Injection. It's the programmers that do not have the practice to prevent it.

select a.*
from BAI.F_Transaction a
join dbo.D_Date b on ( a.GroupAsOfDate = b.RowID )
where  ( DTransactionID = 1018 )
             and
             ( b.[Date] >= ?m.dt1 and b.[Date] <= ?m.dt2 )
order by a.GroupAsOfDate desc

By passing the dt1 and dt2 as parameters, nothing any hacker does can alter your SQL command to turn it into a time bomb.
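
The parameterized call from the reply above, carried through connection, execution and error reporting, as an added example that is not part of the original post or thread. The server, database and query are the ones quoted in the thread; the cursor name crTrans and the local variable names are assumptions.

```foxpro
* Added example: parameterized SQL pass-through from VFP 9.
* Server, database and query are as quoted in the thread; the cursor
* name crTrans and the local variable names are assumptions.
LOCAL lnHandle, lnSuccess, lcConnStr, lcCmd, dt1, dt2
LOCAL ARRAY laErr[1]

dt1 = DATE(2016, 4, 1)
dt2 = GOMONTH(m.dt1, 1) - 1        && last day of the same month

lcConnStr = [Driver={SQL Server};Server=OTT-sqlprod;] + ;
            [Trusted_connection=Yes;Database=cmdw;]
lnHandle = SQLSTRINGCONNECT(m.lcConnStr)
IF m.lnHandle < 1
	AERROR(laErr)
	MESSAGEBOX("Unable to connect to SQL Server" + CHR(13) + TRANSFORM(laErr[2]), 16)
	RETURN
ENDIF

* No TEXTMERGE here: the ?m.dt1 / ?m.dt2 markers stay in the command
* text and are bound as typed parameters when SQLEXEC() runs, so the
* values are never concatenated into the SQL string.
TEXT TO lcCmd NOSHOW
select a.*
from BAI.F_Transaction a
join dbo.D_Date b on ( a.GroupAsOfDate = b.RowID )
where ( DTransactionID = 1018 )
  and ( b.[Date] >= ?m.dt1 and b.[Date] <= ?m.dt2 )
order by a.GroupAsOfDate desc
ENDTEXT

lnSuccess = SQLEXEC(m.lnHandle, m.lcCmd, "crTrans")
IF m.lnSuccess < 1
	* -1 means the command failed; AERROR() carries the driver's message.
	AERROR(laErr)
	MESSAGEBOX("Query failed:" + CHR(13) + TRANSFORM(laErr[2]), 16)
ELSE
	SELECT crTrans
	BROWSE NOWAIT
ENDIF

SQLDISCONNECT(m.lnHandle)
```

The variables named after each `?` must be in scope at the moment SQLEXEC() is called, because that is when VFP reads their values.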