Martin's solution seems a bit extreme... I wouldn't create a stored procedure for every query you are ever going to run.


Just remember that all search strings need to be checked for single quotes. This is pretty simple to handle:


sSearchString = Replace(sSearchString,"'","''")
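
The quote-doubling step from the reply above, shown next to an ad hoc parameterized ADO query for the same search, as an added example that is not part of the original post. The `Customers` table, its `CustomerID` and `LastName` columns, and the open `ADODB.Connection` passed in as `oConn` are assumptions; the script is written for `cscript`, so under ASP use `Server.CreateObject` and `Response.Write` instead.

```vbscript
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

' Doubles single quotes so the value cannot close a quoted SQL string literal.
' This only protects values that are placed between single quotes in the
' statement; it does nothing for values concatenated as bare numbers.
Function EscapeSqlString(sValue)
    EscapeSqlString = Replace(sValue, "'", "''")
End Function

' Approach from the post: escape, then concatenate into the statement.
' Customers / LastName are hypothetical names used for illustration.
Function BuildSearchSql(sSearchString)
    BuildSearchSql = "SELECT CustomerID, LastName FROM Customers " & _
                     "WHERE LastName LIKE '%" & _
                     EscapeSqlString(sSearchString) & "%'"
End Function

' Alternative that needs no stored procedure: the search text travels as a
' bound parameter, so it is never parsed as part of the SQL text.
' oConn is assumed to be an already open ADODB.Connection.
Function SearchCustomers(oConn, sSearchString)
    Dim oCmd, sPattern
    ' Keep the pattern within the declared parameter size of 255.
    sPattern = "%" & Left(sSearchString, 253) & "%"

    Set oCmd = CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oConn
    oCmd.CommandType = adCmdText
    oCmd.CommandText = "SELECT CustomerID, LastName FROM Customers " & _
                       "WHERE LastName LIKE ?"
    oCmd.Parameters.Append _
        oCmd.CreateParameter("search", adVarChar, adParamInput, 255, sPattern)

    Set SearchCustomers = oCmd.Execute
End Function

' Constructed sample input: a surname containing a single quote.
WScript.Echo BuildSearchSql("O'Brien")
```

In both versions `%` and `_` typed by the user still act as `LIKE` wildcards; neither quote doubling nor parameter binding changes that.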