I've been working on this ridiculously-large ASP/SQL record keeping system for a while now. And of course, I came across the worst fear of every developer working with SQL: the dreaded single quote.
My problem was that I was forming my SQL statement on the submitting page in JavaScript, because it just seemed easier, plus I hate VBScript. So removing the single quotes on the VBScript side was out of the question.
So I came up with a way to remove the single quotes and replace with the VBScript hash code. The only down side is that I have to run this for each relevant field on the submit form function, so it bogs down a bit. But geez, it does that any way because there are so many fields.
I haven't seen this before, so this is why I'm posting it, here's the code:

while (FormFieldName.value.indexOf("'") >= 0) {
FormFieldName.value = FormFieldName.value.replace(FormFieldName.value.ch arAt(FormFieldName.value.indexOf("'")),"'");
}

Pretty simple, but it takes care of business. And the best part is, when you pull the field for the record in ASP, VBScript automatically interprets that ' as a single quote and writes it in without changing anything in your record.
Beautiful...I think.

Hope this helps someone who had the same problem.
-colin