asp.net - string with 's not getting inserted with insert statement -

i trying insert question in database field in table nvarchar(max) (sql server 2008 r2)

code follows:

protected sub btnsave_click(byval sender object, byval e system.eventargs) handles btnsave.click     gc.executecommand("insert questionmaster values('" & txtquestion.text & "','" & viewstate("clientid") & "','" & viewstate("kioskid") & "')")     response.write("<script type='text/javascript' language='javascript'>alert('question added sucessfully!!!')</script>")     bindgrid() end sub 

when insert string :

what's name?  

then gives me error:

incorrect syntax near 's'. unclosed quotation mark after character string ')'.

if supply string as:

what name? 

then not gives me error.

please me.

you escape single quote replacing single quote (') 2 single quotes ('') in txtquestion.text.

protected sub btnsave_click(byval sender object, byval e system.eventargs) handles btnsave.click     gc.executecommand("insert questionmaster values('" & txtquestion.text.replace("'", "''") & "','" & viewstate("clientid") & "','" & viewstate("kioskid") & "')")     response.write("<script type='text/javascript' language='javascript'>alert('question added sucessfully!!!')</script>")     bindgrid() end sub