But isn't the whole point of SQL injection that this:

"select * from Table where Name ='" & strName.Replace("'","''") & "'"

If strName=xyz

becomes

select * from Table where Name ='xyz'

But if strName = xyz';Delete * From Table;Select 'xyz

becomes

select * from Table where Name ='xyz';Delete * From Table;Select 'xyz'

What does that have to do with ' quotes??
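
As an added example (not part of the original post), this Python/sqlite3 sketch runs the input from the post through plain concatenation, through the quote-doubling `Replace`, and through a bound parameter, then counts the rows that survive. The table name `People`, the `DELETE` syntax adapted for SQLite, and the use of `executescript` to stand in for a driver that accepts stacked statements are assumptions.

```python
import sqlite3

# The post's input, adapted to SQLite syntax and a hypothetical table "People".
PAYLOAD = "xyz';DELETE FROM People;SELECT 'xyz"


def fresh_db():
    """In-memory database with two constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE People(Name TEXT);"
        "INSERT INTO People VALUES ('xyz'), ('abc');"
    )
    return db


def build_raw(name):
    # Plain concatenation: a quote in the input ends the string literal.
    return "SELECT * FROM People WHERE Name ='" + name + "'"


def build_doubled(name):
    # Equivalent of strName.Replace("'", "''"): every quote in the input
    # becomes an escaped quote, so the input stays inside one literal.
    return "SELECT * FROM People WHERE Name ='" + name.replace("'", "''") + "'"


def rows_left(db):
    return db.execute("SELECT COUNT(*) FROM People").fetchone()[0]


def run_built(builder, name):
    """Run the built SQL where stacked statements are allowed; return rows left."""
    db = fresh_db()
    db.executescript(builder(name))
    return rows_left(db)


def run_parameterized(name):
    """Bound parameter: the input is never parsed as SQL text at all."""
    db = fresh_db()
    found = db.execute("SELECT * FROM People WHERE Name = ?", (name,)).fetchall()
    return found, rows_left(db)


if __name__ == "__main__":
    for label, builder in (("raw", build_raw), ("doubled", build_doubled)):
        print(label, "|", builder(PAYLOAD), "| rows left:", run_built(builder, PAYLOAD))
    print("parameterized | rows left:", run_parameterized(PAYLOAD)[1])
```

Quote doubling depends on the database's string-literal rules (some dialects also treat backslash as an escape character), whereas a bound parameter does not.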