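' mysql_escape - escape an untrusted value for interpolation inside a
' single- or double-quoted MySQL string literal.
'
' SECURITY NOTE: escaping is a last resort. Prefer parameterised queries
' (ADODB.Command + Parameters) so user input never becomes part of the SQL
' text; see the example at the bottom of this listing.
'
' The previous version of this helper was a keyword/comment blacklist and
' could be bypassed trivially:
'   - Replace() uses a binary (case-sensitive) compare by default, so "union"
'     or "Union" passed straight through while "UNION" was stripped.
'   - Replace() makes a single pass, so "//**" collapsed to "/*" and
'     "UNIUNIONON" collapsed to "UNION".
'   - ";" was rewritten to "\;", which MySQL does not treat as an escape.
'   - "'" was rewritten to the HTML entity "&rsquo;", which does not protect
'     the literal if the value is later decoded and silently corrupts stored data.
'   - Backslashes were doubled LAST, after the substitutions above, so any
'     escape introduced earlier was itself re-escaped.
' Blacklists cannot be completed; this version instead escapes every
' character MySQL treats specially inside a string literal, in the order
' documented by mysql_real_escape_string().
'
' Caveats (both are further reasons to use parameters):
'   - Assumes the backslash-escape syntax, i.e. sql_mode does NOT contain
'     NO_BACKSLASH_ESCAPES.
'   - Assumes a connection character set where a backslash cannot be the
'     trailing byte of a multi-byte character (e.g. not GBK/BIG5/SJIS);
'     character-set-aware escaping is only possible inside the driver.
'
' thisWord : the untrusted value. Null and Empty are treated as "".
' Returns  : the escaped string WITHOUT surrounding quotes; the caller still
'            wraps it in '...' or "...".
Function mysql_escape(thisWord)
    Dim s
    If IsNull(thisWord) Or IsEmpty(thisWord) Then
        mysql_escape = ""
        Exit Function
    End If
    s = CStr(thisWord)
    ' The backslash MUST be handled first; every later step inserts
    ' backslashes that must not be doubled again.
    s = Replace(s, "\", "\\")
    s = Replace(s, Chr(0), "\0")
    s = Replace(s, "'", "\'")
    s = Replace(s, """", "\""")
    s = Replace(s, Chr(10), "\n")
    s = Replace(s, Chr(13), "\r")
    s = Replace(s, Chr(26), "\Z")
    mysql_escape = s
End Function

' Example use (string-built SQL; the escaped value is placed inside a quoted
' literal, which is the only context this helper is safe for - it does NOT
' protect an unquoted position such as a numeric comparison or ORDER BY):
sql = "SELECT * FROM table WHERE key = '" & mysql_escape(Request.QueryString("value")) & "'"

' Preferred alternative - no string building at all. adVarChar = 200 and
' adParamInput = 1 come from adovbs.inc:
'   Set cmd = Server.CreateObject("ADODB.Command")
'   cmd.ActiveConnection = conn
'   cmd.CommandText = "SELECT * FROM table WHERE key = ?"
'   cmd.Parameters.Append cmd.CreateParameter("key", 200, 1, 255, Request.QueryString("value"))
'   Set rs = cmd.Execute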