I have made a VBA thingy that runs an INSERT query. The problem is that there is nothing to stop someone from using characters such as ' in any of the fields that are being inserted.

Is there a function to first encode these charachters before entering them into the SQL query?