public bool Update(string strDescr) { string sqlUpdate = "UPDATE mytable SET mycolumn = \'" + strDescr + "\'" + "WHERE miPK = 5" // Call to ADO.NET to ExecuteNonQuery() }Of course, this isn't going to work because of the embedded single quote in the string the user entered. So, I figured I could add a method to my SQL parser class that escapes everything out for me. But, I'm not having much luck getting this to work. Has anyone been down this road? Any pointers or ideas on how to do this? I decided to build the string manually because VFP doesn't support parameters (arg...). I get the feeling I wouldn't have to go through this if it did.