We have an ASP form and backend database / table with about 80 fields.
The user fills out the form and their entries become variables used in an SQL INSERT string like this snippet..
Then if surname = O'Reilly for example, we will get this error:
Syntax error (missing operator) in query expression
How can we update the code to allow apostrophes to be used without breaking our SQL string?
stringSQL = "INSERT INTO table (surname,firstname) VALUES ('" & request.form("txtSurname") & "','" & request.form("txtFirstName") & "')"