So we go ahead and do one of those:
MySQL=MySQL & "values (something)"
And run/test it and, plop, get an error. Upon checking, you see the user typed something like a single quote mark in one of the string fields, and aha!
Now we filter for that, and later PLOP and PLOP. So exactly where can we find a good routine for cleaning up these constructed SQL statements to prevent illegal characters? In fact, we may wish to just permit a very selective group of characters; except for a few special characters, mostly alphanumerics and spaces are all we want going into these fields when we are updating.
Thanks in advance for your contributions!
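
The failure described in the post above, as an added example that is not part of the original post: a value containing a single quote breaks a concatenated statement, while the same value bound as a parameter is stored unchanged, with an allow-list check in front of it. Assumptions: Python with an in-memory SQLite database stands in for the poster's environment, and the customers table, the function names, the extra allowed characters and the 50-character limit are all hypothetical.

```python
import re
import sqlite3

# Allow-list in the spirit of the post: letters, digits and spaces plus a few
# special characters. The specials (' . , -) and the length cap are assumptions.
ALLOWED = re.compile(r"[A-Za-z0-9 '.,\-]{1,50}")


def is_allowed(value):
    """True only when the whole value is made of allow-listed characters."""
    return ALLOWED.fullmatch(value) is not None


def insert_concatenated(conn, name):
    """The pattern from the post: the value is spliced into the SQL text."""
    sql = "INSERT INTO customers (name) " + "VALUES ('" + name + "')"
    conn.execute(sql)


def insert_parameterized(conn, name):
    """Validate what the field may hold, then bind the value as a parameter."""
    if not is_allowed(name):
        raise ValueError("field contains characters outside the allow-list")
    # The driver passes the value separately from the statement text,
    # so quotes in the data never become part of the SQL.
    conn.execute("INSERT INTO customers (name) VALUES (?)", (name,))


def demo():
    """Run both inserts on constructed sample input and report the outcome."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT)")
    results = {}
    try:
        insert_concatenated(conn, "O'Brien")  # constructed sample value
        results["concatenated"] = "ok"
    except sqlite3.OperationalError:
        results["concatenated"] = "error"  # the quote ended the literal early
    insert_parameterized(conn, "O'Brien")
    results["stored"] = [r[0] for r in conn.execute("SELECT name FROM customers")]
    try:
        insert_parameterized(conn, "name;with|pipes")  # outside the allow-list
        results["rejected"] = False
    except ValueError:
        results["rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The allow-list decides what a field is permitted to contain; the parameter binding is what keeps the statement intact, so filtering characters does not have to carry that job.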