no joke...this is from a code generator developed by an earlier employee.

    SQL = "INSERT INTO Orders (" & _
          " OrderID, " & _
          " CustomerID, " & _
          " EmployeeID, " & _
          " OrderDate, " & _
          " RequiredDate, " & _
          " ShippedDate, " & _
          " ShipVia, " & _
          " Freight, " & _
          " ShipName, " & _
          " ShipAddress, " & _
          " ShipCity, " & _
          " ShipRegion, " & _
          " ShipPostalCode, " & _
          " ShipCountry " & _
          " )" & _
          "VALUES (" & _
          "'" & Orders.OrderID & "', " & _
          "'" & Orders.CustomerID & "', " & _
          "'" & Orders.EmployeeID & "', " & _
          DataCommonFunctions.SQLDate(Orders.OrderDate) & ", " & _
          DataCommonFunctions.SQLDate(Orders.RequiredDate) & ", " & _
          DataCommonFunctions.SQLDate(Orders.ShippedDate) & ", " & _
          "'" & Orders.ShipVia & "', " & _
          "'" & Orders.Freight & "', " & _
          "'" & Orders.ShipName & "', " & _
          "'" & Orders.ShipAddress & "', " & _
          "'" & Orders.ShipCity & "', " & _
          "'" & Orders.ShipRegion & "', " & _
          "'" & Orders.ShipPostalCode & "', " & _
          "'" & Orders.ShipCountry & "') "

SQL injection anyone?!? Whenever I put SQL in code it's always on one line and I'm using parameters!
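Added example, not from the thread or the generator above: the same INSERT built two ways in Python with sqlite3, a constructed sample order whose ShipName contains an apostrophe, and a check of what each approach does with it. The column subset and the sample values are assumptions for the demonstration; the point is the one the poster makes, that values bound as parameters never become part of the SQL text.

```python
import sqlite3

# Constructed subset of the Orders table from the generated statement.
DDL = """CREATE TABLE Orders (
    OrderID INTEGER, CustomerID TEXT, EmployeeID INTEGER,
    OrderDate TEXT, ShipName TEXT, ShipCity TEXT)"""

# Constructed sample order. The apostrophe in ShipName is ordinary data,
# yet it is enough to change the meaning of a string-built statement.
SAMPLE_ORDER = {"OrderID": 10248, "CustomerID": "VINET", "EmployeeID": 5,
                "OrderDate": "1996-07-04", "ShipName": "O'Brien Imports",
                "ShipCity": "Reims"}

COLUMNS = "OrderID, CustomerID, EmployeeID, OrderDate, ShipName, ShipCity"

def build_concatenated(order):
    """Mirror the generator's approach: quote every value and glue it into the SQL."""
    return (f"INSERT INTO Orders ({COLUMNS}) VALUES ("
            f"'{order['OrderID']}', '{order['CustomerID']}', '{order['EmployeeID']}', "
            f"'{order['OrderDate']}', '{order['ShipName']}', '{order['ShipCity']}')")

def insert_concatenated(conn, order):
    """Run the string-built statement; False means the data altered the SQL itself."""
    try:
        conn.execute(build_concatenated(order))
        return True
    except sqlite3.OperationalError:
        return False

PARAMETERIZED_SQL = (f"INSERT INTO Orders ({COLUMNS}) "
                     "VALUES (:OrderID, :CustomerID, :EmployeeID, :OrderDate, :ShipName, :ShipCity)")

def insert_parameterized(conn, order):
    """Bind the values separately from the SQL text; their content is never parsed as SQL."""
    conn.execute(PARAMETERIZED_SQL, order)
    return True

def demo():
    """Return (concatenated ok?, parameterized ok?, ShipName values actually stored)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(DDL)
    ok_concat = insert_concatenated(conn, SAMPLE_ORDER)
    ok_param = insert_parameterized(conn, SAMPLE_ORDER)
    rows = conn.execute("SELECT ShipName FROM Orders WHERE OrderID = ?",
                        (SAMPLE_ORDER["OrderID"],)).fetchall()
    return ok_concat, ok_param, [row[0] for row in rows]

if __name__ == "__main__":
    print(demo())  # (False, True, ["O'Brien Imports"])
```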
joebeam
Don't tell me how to declare a string!