It's a simple insert, so I'm using a commandbuilder. I think that will automatically escape the field names, since it builds the command itself. I think it escapes EVERY name, needed or not. It works in testing, though, so that does appear to be working.