Hey all,

I have a stored procedure where I build an SQL string in SQL Server. I have it parameterized on the asp.net side of things but I am getting an error when I send anything with a bad character to the parameter. This is the line I am having trouble with:

SET @sSQL = @sSQL + ' AND LastName LIKE ''' + @LastName + ''''

I passed O'Sullivan and I get a syntax error because of the apostraphe. How would I fix this?

Thanks