If you use stored procedures, you dont need a lot of the quote and
other escaping you need to do otherwise. That being said, the only
"quote" issue you have (no pun intended) is with single quotes. In
this case, double the single quotes. A common way of doing this is
with the Replace method ...
sql = replace(str, "'", "''")
That's a single quote surrounded by double quotes as the 2nd parameter
and two single quotes surrounded by double quotes as the 3rd
parameter.