I have a screen in access where I am allowing the user to choose what they do and do not want selected from a query. I am building the WHERE clause dynamically based off of what they select. This query takes way to long to run in access, but only takes about eight seconds in Microsoft SQL server. I have created a stored procedure in SQL server and I want to pass the WHERE clause that I have built into it, but it wants the variable to be set equal to something instead of just the statement in order to prevent SQL injection attacks. I have also tried to use exec() and pass everything as a string, but i have strings in my WHERE clause which prevent the entire string from passing. ex. 'This is a example ' strVar ' that I pass'. Is there any way I can pass the information I want into SQL server?