>User of my application will select options with which to build a select query. Doing my best to make the thing error-free, but something(s) might slip through.
>
>Is it best to trap and report errors by use of Prepare, or is it just as effective to do that in the Execute method?

What components are you using, Jack, and how many rows can the select query return? I never call execute on select queries myself, I use either FIRST (if using TIB_Cursor) or OPEN (if using TIB_Query). PREPARE is a good thing to use with both of them.

One small warning that may or may not apply to you: If the user can modify the text of the query, you may be vulnerable to SQL injection attacks. Consider the following:

TIB_Cursor1.Add('select * from orders where customer = ''Jack Cane'' and seller = '+QuotedStr(Edit1.Text));

If Edit1.Text contained "Walmart" everything would work as intended:
select * from orders where customer = 'Jack Cane' and seller = 'Walmart'

SQL injection would be the case if Edit1.Text contained "'' or ''''=''" and the entire orders table would be returned:

select * from orders where customer = 'Jack Cane' and seller = '' or ''=''

Even worse, it is possible to use "UNION ALL" as part of an SQL injection attack.

If the user only can modify the value of parameters:

TIB_Cursor1.Add('select * from orders where customer = ''Jack Cane'' and seller = :Seller');
TIB_Cursor1.Prepare;
TIB_Cursor1.Params[0].AsString:=Edit1.Text;

then any attempt to use SQL injection would fail in Firebird (it would check whatever is in Edit1.Text against the seller field.)

HTH,
Set