Hi all, i'm pulling my hair out on this one!!! I have a standard SQL insert statement and it is causing so much grief. The users can put a comment in to a form field, which is then converted to a variable for my purposes, and then put in the SQL statement, this works fine. Except someone started putting apostrophes in their comments thus commenting out the code i assume!

Is there a work-around?

use the replace function:

sql = sql & "'" & Replace(FIELD_NAME, "'", "''") & "', "

I colored all single quotes/apostrophes red just so you can see the code a little more clear

So that replaces all ' with '' ????

as far as the database is concerned yes, but when the info is pulled from the db it will read as it should

I also posted a sticky thread about this exact problem... please at least glance at those before posting!