If possible, don't sanitize your strings. Use parameterized queries instead, as they handle all sanitization.
For MS-SQL:
//Convert single quotes to two single quotes
TagDescription = TagDescription->Replace("'", "''");
For MySQL:
//Escape backslashes first, then escape single quotes with a backslash
TagDescription = TagDescription->Replace("\\", "\\\\");
TagDescription = TagDescription->Replace("'", "\\'");
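The two escaping rules above are engine-specific, which is the practical argument for parameters. This added example (Python's standard-library `sqlite3`, not code from the original answer) stores one value three ways and shows that only the rule matching the engine, or a parameter, round-trips it. Assumptions: SQLite stands in for an engine that follows the quote-doubling rule, and the `tags` table, the function names and the sample string are constructed for illustration.

```python
import sqlite3

# Constructed sample input: contains single quotes and a backslash.
SAMPLE = "O'Brien's tag \\ notes"

def escape_doubling(s):
    """Quote-doubling rule (the MS-SQL snippet): ' becomes ''."""
    return s.replace("'", "''")

def escape_backslash(s):
    """Backslash rule (the MySQL snippet): \\ becomes \\\\, then ' becomes \\'."""
    return s.replace("\\", "\\\\").replace("'", "\\'")

def new_db():
    """Fresh in-memory database with a hypothetical one-column table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tags (description TEXT)")
    return db

def store_concatenated(value, escape):
    """Build the INSERT by string concatenation after hand-escaping.

    Returns the value read back, or None when the escaped text is not a
    valid string literal for this engine.
    """
    db = new_db()
    sql = "INSERT INTO tags (description) VALUES ('" + escape(value) + "')"
    try:
        db.execute(sql)
    except sqlite3.Error:
        return None
    return db.execute("SELECT description FROM tags").fetchone()[0]

def store_parameterized(value):
    """Pass the value as a bound parameter; no escaping rule is involved."""
    db = new_db()
    db.execute("INSERT INTO tags (description) VALUES (?)", (value,))
    return db.execute("SELECT description FROM tags").fetchone()[0]

if __name__ == "__main__":
    print("parameterized   :", store_parameterized(SAMPLE))
    print("quote doubling  :", store_concatenated(SAMPLE, escape_doubling))
    print("backslash escape:", store_concatenated(SAMPLE, escape_backslash))
```

The backslash rule fails here because SQLite, following standard SQL, does not treat a backslash as an escape character, so the quote still ends the literal.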
