MYTABLE.DATE_FLD >=?dDateValueThis works in VFP, but also if you upsize to remote databases like SQL Server or Oracle that expect different date strings from VFP if you concatenate. There's 2 other advantages:
lcloggedinsalesperson="dlitvak' lcSQL=[select * from customers where salesperson=']+m.lcloggedinsalesperson+[' and cust_code=']+m.lcUserinput+[']Which limits searches to your own customers... unless a hacker enters a customer code like
' or cust_code like '%
And then the query is concatenated:select * from customers where salesperson='dlitvak' and cust_code='' or cust_code like '%'and now the hacker browses the entire customer list. In remote databases, injection has been used destructively by hackers and annoyed ex-employees- e.g. hacker enters
';drop table customers--
select * from customers where salesperson='dlitvak' and cust_code='' ; drop table customers--and now there's no customers table.
select * from customers where salesperson=?lcloggedinsalesperson and cust_code=?lcuserinput