Well no actually I would rather not work directly with the API, I would rather use the built in components in Laz. Problem is I am not talking about escaping "" characters.
I'm talking when, for instance, my insert query has a varchar text to insert, that get's encapsulated with 'text to insert'. But what happens when the user who submitted this data has a ' in his text, ie:
'my text to insert is 'code' forever'
So I would have to escape the middle ' characters. Hence the escaping function would be very very valuable here.
I would rather not move to using the API directly to be honest. But if that is the only way short of manually finding characters and replacing then I think I'm sunk.