You should be using cfqueryparam.
Something like this will work:
```cfm
<cfset userEnteredData = "I'm using apostrophes">
<cfquery>
INSERT INTO data (userText)
VALUES (<cfqueryparam cfsqltype="cf_sql_varchar" value="#userEnteredData#">)
</cfquery>
```
EDIT
Do this for three reasons:
- This creates a "bind variable", which (among other things) protects against SQL Injection attacks.
- `CFQUERYPARAM` automatically escapes quotes and apostrophes.
- If you're passing a list of variables, it will correctly escape the list based on the cfsqltype if you use the `list` attribute.
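
The `list` attribute mentioned in the last point, shown as an added example that is not part of the original answer. It assumes a default datasource is configured (for example `this.datasource` in Application.cfc) and that the `data` table has an integer `id` column; the input values are constructed.

```cfm
<!--- Constructed sample input. The id column and the default datasource
      are assumptions made for this example. --->
<cfset idList  = "3,7,12">
<cfset badList = "3,7,twelve">

<!--- list="true" binds each element as its own parameter: IN (?,?,?) --->
<cfquery name="rows">
    SELECT id, userText
    FROM data
    WHERE id IN (
        <cfqueryparam cfsqltype="cf_sql_integer" value="#idList#" list="true">
    )
</cfquery>
<cfoutput>#rows.recordCount# row(s) matched</cfoutput>

<!--- A non-integer element is rejected by cfqueryparam's type validation
      instead of being placed into the SQL text. --->
<cftry>
    <cfquery name="rejected">
        SELECT id, userText
        FROM data
        WHERE id IN (
            <cfqueryparam cfsqltype="cf_sql_integer" value="#badList#" list="true">
        )
    </cfquery>
    <cfcatch type="any">
        <cfoutput>Rejected: #encodeForHTML(cfcatch.message)#</cfoutput>
    </cfcatch>
</cftry>
```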