Very simple question (surprisingly I can't find a similar question anywhere): how do I escape form data in VB.net? I have various lines like this:
Dim query As String = "exec sp_Message_insert @clientid='" + pClientId + "', @message='" + pMessage + "', @takenby='" + pUserId + "', @recipients='" + pRecipients + "'"
If I use an apostrophe in the message then of course this screws up the query. I've looked through the intellisense functions on the string but don't see anything appropriate...