Be Ashamed!
Whenever I see a database error caused by a single quote in a string, I want to throttle somebody.
Do you see how I'm using single quotes all over the place here, and they're not breaking anything? D'ya see that? Do you see how I can use frightening character sequences like '; DROP TABLE LOG_ENTRIES -- and nothing bad happens at all?
If your code chokes on apostrophes, brackets-- in fact, if your code chokes on any characters at all, then you need to stop what you're doing and go find out how the big kids do it. HINT: They don't use string concatenation.
If your code broke because someone typed a ', or a space, or a tab, or any other character, you really should be ashamed. You took a risky shortcut, and got burned.
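The hint above, shown as an added example that is not part of the original post: the same two strings inserted once by string concatenation and once through a bound parameter. It uses Python's sqlite3 module with an in-memory database; the `message` column and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample inputs; the second is the sequence quoted in the post.
SAMPLES = ["O'Brien's login failed", "'; DROP TABLE LOG_ENTRIES --"]


def new_db():
    """In-memory database with a LOG_ENTRIES table (column name assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE LOG_ENTRIES (id INTEGER PRIMARY KEY, message TEXT)")
    return db


def insert_concat(db, message):
    """The shortcut: user text is spliced into the SQL statement itself,
    so any quote in it changes how the statement is parsed."""
    sql = "INSERT INTO LOG_ENTRIES (message) VALUES ('" + message + "')"
    db.execute(sql)


def insert_param(db, message):
    """Bound parameter: the statement text is fixed and the driver hands
    the value over as data, so no character in it is treated as SQL."""
    db.execute("INSERT INTO LOG_ENTRIES (message) VALUES (?)", (message,))


def run(insert):
    """Insert every sample with `insert`; return (stored rows, errors)."""
    db = new_db()
    errors = []
    for msg in SAMPLES:
        try:
            insert(db, msg)
        except (sqlite3.Error, sqlite3.Warning) as exc:
            errors.append((msg, str(exc)))
    rows = [r[0] for r in db.execute("SELECT message FROM LOG_ENTRIES ORDER BY id")]
    return rows, errors


if __name__ == "__main__":
    for name, fn in (("concatenation", insert_concat), ("parameter", insert_param)):
        rows, errors = run(fn)
        print(name, "stored:", rows)
        for msg, err in errors:
            print("  failed on", repr(msg), "->", err)
```
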