Be very careful with this approach. You're taking data straight from the control to your dynamic SQL. This will leave you open to a SQL Injection attack.
http://www.sitepoint.com/article/794-Mike
>Hello everybody
>I want to use a general function to validate a unique keyfield with an sql command.
>
>Mysql database via odbc !
>
>validate event in foxpro
>p_data = this.value
>p_table = mytable
>p_fieldname = mykeyfield
>
>l_ok = p_exists(p_table,p_fieldname,p_data)
>
>if l_ok > 0
> messagebox("Allready exits !")
> return 0
>endif
>
>*************************************************************
>function p_exits
>parameters p_table,p_fieldname,p_data
>
> = SQLEXEC(p_connection,'SELECT count(*) as present from ?p_tabelle where ?p_fieldname = ?p_data')
>
>return present
>endfunc
>**************************************************************************
>
>the ?p_data parameter works , but ?p_table and ?p_field seem not allowed ???
>What am i doing wrong ??
>Any possibility use pass tablename and fieldname as a parameter to an sqlcommand ??
>
>Best regards
>Albert