Single Quotes in CGI

Hey, all:

I'm currently testing a stand-alone executable Lectora 2005 SP4a exam which submits its results to an Access database using CGI. It's powered by the saveresult.asp and TestResult.MDB from this board, both of which work well.

Where I'm running into trouble is when I try to pass any text containing single quotes/apostrophes over to the Access database. Any other text comes over fine. I'm hoping there's some way to modify the saveresult.asp code to have text with single quotes/apostrophes come over.

As an example, the following script only works if "question3" has no single quotes in it:

<%@ Language=VBScript %>
<%
'Get the parameters posted from the test'
score=Request.form("Score")
name=Request.form("Name")
question3=Request.form("Question3")

'Validate that this is actually from a Lectora test'
if score="" Or name="" then
    Response.Write ""
    Response.Write "Failure "
    Response.Write ""
    Response.Write "STATUS=500"
    Response.Write "<br>"
    Response.Write "Could not parse test results due to a parameter error."
    Response.Write ""
else
    'Write the results to an access database'

    ' First let us create Connection and Recordset objects'
    Set Conn = Server.CreateObject("ADODB.Connection")
    Set Rs = Server.CreateObject("ADODB.RecordSet")

    ' Open the connection to the ODBC source, in this case the Access database'
    Conn.Open "TestResults"

    ' Now, create the SQL statement'
    sSQL = "INSERT INTO Fraud(Name,Score,question3) VALUES ( '" & name & "', " & score & ", '" & question3 & "')"

    ' Execute the SQL statement, and set the recordset object'
    ' to the result of this execution. We obtain the resulting'
    ' records in Rs object'
    Set Rs = Conn.Execute(sSQL)

    ' Close the Recordset object and destroy it'
    Set Rs = Nothing

    ' You might want to release the resources for connection object, '
    ' unless you want to use the same connection again in the later code'
    Conn.Close
    Set Conn = Nothing

    'The response is optional, it is good for debugging'
    Response.Write ""
    Response.Write "Success "
    Response.Write ""
    Response.Write "STATUS=200"
    Response.Write "<br>"
    Response.Write(sSQL)
    Response.Write "<br>"
    Response.Write "Success."
    Response.Write ""
end if
%>

***

Thanks,
Matt
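Added example, not part of the post above or of the board's saveresult.asp: an apostrophe in a posted value ends the quoted literal in the concatenated INSERT, so this version binds the values through ADODB.Command parameters instead. It assumes Name and question3 are Text(255) fields and Score is a numeric field; the parameter names and MAX_TEXT are illustrative.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
' Added example: same insert as the posted script, but values are bound as
' parameters, so an apostrophe in any field is stored as data, not parsed as SQL.

' ADO constants (values from adovbs.inc), declared inline to keep the page self-contained
Const adCmdText = 1
Const adParamInput = 1
Const adDouble = 5
Const adVarWChar = 202
Const adExecuteNoRecords = 128

Const MAX_TEXT = 255   ' Assumption: Name and question3 are Access Text(255) fields

Dim score, name, question3, Conn, Cmd
score = Request.Form("Score")
name = Request.Form("Name")
question3 = Request.Form("Question3")

' Score was concatenated unquoted in the posted script, so require a number here
If name = "" Or Not IsNumeric(score) Then
    Response.Write "STATUS=500"
    Response.Write "Could not parse test results due to a parameter error."
Else
    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open "TestResults"          ' same ODBC DSN as the posted script

    Set Cmd = Server.CreateObject("ADODB.Command")
    Set Cmd.ActiveConnection = Conn
    Cmd.CommandType = adCmdText
    ' One ? per value, bound in order; [Name] is bracketed because it is a reserved word in Access
    Cmd.CommandText = "INSERT INTO Fraud ([Name], Score, question3) VALUES (?, ?, ?)"
    Cmd.Parameters.Append Cmd.CreateParameter("pName", adVarWChar, adParamInput, MAX_TEXT, Left(name, MAX_TEXT))
    Cmd.Parameters.Append Cmd.CreateParameter("pScore", adDouble, adParamInput, , CDbl(score))
    Cmd.Parameters.Append Cmd.CreateParameter("pQ3", adVarWChar, adParamInput, MAX_TEXT, Left(question3, MAX_TEXT))
    Cmd.Execute , , adExecuteNoRecords   ' INSERT returns no rows, so no Recordset is needed

    Conn.Close
    Set Cmd = Nothing
    Set Conn = Nothing
    ' The generated SQL is not echoed back; the status line is enough for the test client
    Response.Write "STATUS=200"
End If
%>
```

If question3 is a Memo field rather than Text, bind it as adLongVarWChar (203) with the value's length as the size instead of truncating to 255.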
