> So, I need to swap out "SELECT * FROM users WHERE userid = '" & user_id & > "' > AND password = '" & password & "'" > > with parameters: "SELECT * FROM users WHERE userid = @userid AND password > = > @password" We're using ODBC if that makes a difference.