> Use a prepared statement. Dynamically constructing SQL is a serious
> security loophole and a performance dog.
>
> I am not certain of the syntax for your language, but here it is in
> Java. It is similar in Delphi.

Thanks for the FUD. A "Prepared Statement" will be an equal "security risk",
while I imagine that a Search-and-Replace on a string would take much longer
than simple string concatination. As a matter of fact, I invite you to try and
make a general use ReplaceString function that doesn't use string concatination.

Enough with the Delphi-isms. While a lot of Delphi developers flock around here,
there are some fortunate souls who have never worked with Pascal.

--

The information transmitted herewith is sensitive information intended only for use to the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon, this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.