If you use the ADO Command object and parameterized queries you wouldn't have to change anything or even worry about what the user enters. Basically something like
Code:
Dim cmd as ADODB.Command
With cmd
.CommandText = "Insert Into TableName (DescriptionField) Values(?)"
.CommandType = adCommandText
.Parameters.Add .CreateParameter("@Description", advarchar, adParamInput, 500)
.Paramters("@Description").Value = txtSomeTextBox.Text
.Execute ,,adExecuteNoRecords
End With
The user can enter anything they want and the update will succeed. I only show 1 parameter but you can of course have as many as you need.