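' mysql_escape(thisWord)
'   Filters a value before it is concatenated INSIDE a quoted string literal
'   of a MySQL statement. Returns "" when thisWord is empty or Null.
'
'   Steps, in order:
'     1. double every backslash;
'     2. delete the comment markers /* and */ (one pass each);
'     3. delete the upper-case word UNION (one pass; Replace compares
'        case-sensitively by default);
'     4. prefix ; with a backslash;
'     5. swap ' and " for HTML-entity text.
'
'   Fix over the earlier version: backslashes are doubled FIRST. Doubling them
'   last also doubled the backslash added in front of ";", so every semicolon
'   was stored as "\;" instead of ";".
'
'   Security notes (read before relying on this):
'     - This is a blacklist filter, not a substitute for bound parameters.
'       Prefer ADODB.Command with "?" placeholders wherever possible.
'     - It only helps when the result sits between quotes in the SQL text.
'       A value concatenated into a numeric or identifier position is not
'       protected, because no quote is needed there; validate such values
'       by type (e.g. IsNumeric / CLng) instead.
'     - Steps 2 and 3 are single-pass and case-sensitive, so they must not be
'       counted as a control. They also damage legitimate text that contains
'       those substrings.
'     - Backslash escaping assumes the server treats "\" as an escape
'       character (the default; the NO_BACKSLASH_ESCAPES sql_mode changes
'       that) and that the connection character set is what you expect.
'       TODO confirm for your deployment.
'     - Step 5 mixes HTML output encoding into SQL input handling: the stored
'       data is altered and must not be HTML-encoded again on output.
'       NOTE(review): the literals below are kept exactly as found; if the
'       page that carried this snippet double-encoded them, the intended text
'       may have been the plain rsquo/quot entities. Confirm.
Function mysql_escape(thisWord)
        Dim newWord
        ' Always hand back a string, even when the If below is skipped
        ' (empty input, or Null, which makes the comparison evaluate to Null).
        newWord = ""
        If thisWord <> "" Then
        ' Must run before any step that inserts a backslash of its own.
        newWord = Replace(thisWord,"\","\\")
        newWord = Replace(newWord,"/*","")
        newWord = Replace(newWord,"*/","")
        newWord = Replace(newWord,"UNION","")
        newWord = Replace(newWord,";","\;")
        ' Quotes are replaced after the ";" step so the semicolons inside the
        ' entity text are not prefixed with a backslash.
        newWord = Replace(newWord,"'","&amp;rsquo;")
        newWord = Replace(newWord,"""","&amp;quot;")
        End If
        mysql_escape = newWord
End Function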

Example Use:
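' The string literal must stay on one line; a line break inside it is a
' syntax error in VBScript.
' mysql_escape only filters for use BETWEEN the single quotes below. Do not
' reuse it for values placed outside quotes (numbers, column or table names).
sql = "SELECT * FROM table WHERE key = '" & mysql_escape(Request.QueryString("value")) & "'"

' Preferred where possible: bind the value so data never becomes SQL text.
' Sketch only. "conn" is a placeholder for your open ADODB.Connection, and
' 255 is a sample maximum length:
'   Set cmd = Server.CreateObject("ADODB.Command")
'   Set cmd.ActiveConnection = conn
'   cmd.CommandText = "SELECT * FROM table WHERE key = ?"
'   ' 200 = adVarChar, 1 = adParamInput
'   cmd.Parameters.Append cmd.CreateParameter("value", 200, 1, 255, Request.QueryString("value"))
'   Set rs = cmd.Execute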

...