But I write in C so I can shoot my own foot
Indeed.
Lots of talks and no one asking about the unusual design the user is doing?
From what I can notice, he really needs a way to define a record of something called LINEUP (id, label, date, etc) and then insert a composition into a table as LINEUP_MEMBERS (id, lineup_id, name, time, etc) that he can consult easily later.
Well - having read up now about SQL Injection, I can tell you that there would have been no chance of that in this case because the variables I have in mind will be supplied as responses to Xojo Session variable queries such as ClientWidth, ClientHeight and Platform etc, for statistical purposes.
However, I am glad I am now aware of the danger of accepting user text responses such as DO THIS IF 1 = 1 without analysis or scrutiny and will bear that in mind in the future. Many thanks.
I guess I did not express myself correctly when answering
Hopefully the OP has found the answer needed
I have the impression that the OP isn’t completely aware of his needs and the proper design to achieve them.
BTW, Ian is correct here, anyone can destroy a database with such a thing:
Well I guess Rick A is correct since I haven’t ever used a database in an online app before, otherwise I wouldn’t need to ask questions, but I am grateful for the responses and will learn from them.
If this is an online app meant for interaction from others, not just personal use, then yes, you should read more about SQL injection.
Yes he is correct if the DB is meant for others
He is correct, that’s it. There’s no such thing as correct for others. Everybody should follow the current easy integrated statement preparation protection. In the past it was a PITA, but today it’s just putting some “?” here and there, and the proper parameters after. Easy as cake.
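The "?" placeholder approach described in the post above, as an added example that is not part of the original thread and is not Xojo code: it uses Python's built-in sqlite3 module, which takes the same "?" markers. The table layout follows the LINEUP / LINEUP_MEMBERS shape mentioned earlier in the thread; the rows, function names and input values are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE lineup (id INTEGER PRIMARY KEY, label TEXT, date TEXT);
        CREATE TABLE lineup_members (
            id INTEGER PRIMARY KEY, lineup_id INTEGER, name TEXT, time TEXT);
        INSERT INTO lineup (id, label, date) VALUES
            (1, 'Friday', '2024-01-05'), (2, 'Saturday', '2024-01-06');
        INSERT INTO lineup_members (lineup_id, name, time) VALUES
            (1, 'Ann', '20:00'), (2, 'Bob', '21:00');
    """)
    return db

def members_concat(db, lineup_id):
    # Weak: the value is pasted into the SQL text, so it can rewrite the query.
    sql = "SELECT name FROM lineup_members WHERE lineup_id = " + str(lineup_id)
    return [row[0] for row in db.execute(sql + " ORDER BY name")]

def members_bound(db, lineup_id):
    # Corrected: the driver passes the value separately; it is never parsed as SQL.
    sql = "SELECT name FROM lineup_members WHERE lineup_id = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (lineup_id,))]

def add_member_concat(db, lineup_id, name, time):
    # Weak: an apostrophe in the name ends the string literal early.
    sql = ("INSERT INTO lineup_members (lineup_id, name, time) "
           f"VALUES ({lineup_id}, '{name}', '{time}')")
    db.execute(sql)

def add_member_bound(db, lineup_id, name, time):
    # Corrected: one "?" per value, with the parameters supplied afterwards.
    db.execute(
        "INSERT INTO lineup_members (lineup_id, name, time) VALUES (?, ?, ?)",
        (lineup_id, name, time))

if __name__ == "__main__":
    db = make_db()
    tautology = "0 OR 1 = 1"  # constructed input of the "1 = 1" kind
    print("concatenated:", members_concat(db, tautology))
    print("bound:       ", members_bound(db, tautology))
    try:
        add_member_concat(db, 1, "O'Brien", "22:00")
    except sqlite3.OperationalError as exc:
        print("concatenated insert failed:", exc)
    add_member_bound(db, 1, "O'Brien", "22:00")
    print("lineup 1:    ", members_bound(db, 1))
```

The concatenated query returns every member for the tautology input and the concatenated insert fails on an ordinary surname, while the bound versions treat both inputs as plain data.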
I like cake
Me too, but I prefer sweet pies.
Thank you all for the interesting responses, which have been very useful.