Aaron,
Just in case you're not aware, best practice when allowing adhoc queries is to enforce usage of sp_executeSQL, because you can parameterize it and avoid injection attacks that way without a lot of overhead headache with the front end having to clean the parameters.
Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.
For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA