The following is a VBScript function that escapes an entire SQL string, not just individual field values, so that ' becomes '' where it is supposed to. The code can easily be converted to Visual Basic, as it was originally written in VB.NET.
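' Split the SQL string into an array holding one character per element
ReDim DataElements(Len(sSQL) - 1)
For I = 1 To Len(sSQL)
    DataElements(I - 1) = Mid(sSQL, I, 1)
Next
' Examine each character in turn
For I = LBound(DataElements) To UBound(DataElements)
    CurrentElement = DataElements(I)
    If CurrentElement =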
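For comparison with the whole-string approach described above, the following added example (not the original function, whose listing is cut off) escapes one field value before it is concatenated and uses a small scanner to show how the resulting statement's string literals parse. The names EscapeSqlValue and SqlLiterals, the Users table and the sample value are assumptions made for illustration.

```vbscript
Option Explicit

' Escape one field value for use inside a single-quoted SQL literal.
Function EscapeSqlValue(ByVal value)
    EscapeSqlValue = Replace(value, "'", "''")
End Function

' Scan a SQL statement and return its string literals as "[a]|[b]",
' treating '' inside a literal as one escaped quote.
' Returns "<unterminated>" if a literal is opened but never closed.
Function SqlLiterals(ByVal sSQL)
    Dim i, ch, inLiteral, current, found
    inLiteral = False
    current = ""
    found = ""
    i = 1
    Do While i <= Len(sSQL)
        ch = Mid(sSQL, i, 1)
        If Not inLiteral Then
            If ch = "'" Then
                inLiteral = True
                current = ""
            End If
        ElseIf ch = "'" Then
            If Mid(sSQL, i + 1, 1) = "'" Then
                current = current & "'"   ' doubled quote is one literal quote
                i = i + 1
            Else
                inLiteral = False         ' closing quote ends the literal
                If found <> "" Then found = found & "|"
                found = found & "[" & current & "]"
            End If
        Else
            current = current & ch
        End If
        i = i + 1
    Loop
    If inLiteral Then SqlLiterals = "<unterminated>" Else SqlLiterals = found
End Function

' Constructed sample value; run with cscript (use Response.Write in ASP).
Dim lastName, rawSQL, escapedSQL
lastName = "O'Brien"
rawSQL = "SELECT * FROM Users WHERE LastName = '" & lastName & "'"
escapedSQL = "SELECT * FROM Users WHERE LastName = '" & EscapeSqlValue(lastName) & "'"
WScript.Echo "Unescaped value: " & SqlLiterals(rawSQL)
WScript.Echo "Escaped value:   " & SqlLiterals(escapedSQL)
```

Where the data access layer allows it, passing values as ADODB.Command parameters removes the need to escape quotes in the statement text at all.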