Thanks for your comments, this is not a production script, nor is it designed for anything other than internal use.  It only supports text, date and number searches so i didn't see a huge need to use a SQL_Variant type.  Sql injections are not an issue as this should not be used in a production environment.  If that is your intent i would suggest finding a different script as this returns table and column structures via the sql it returns from matches it has found, which would be a perfect tool for a nefarious person to help sql inject your application.  So i see your points but dont see any reason to adjust the script for either cases.  Just know that this is a tool for internal use and know that a text search requires a string, dates require a date, and numbers require a number, and it should work fine.