[SQL] Character escaping

SELECT sys.Netbios_Name0, arp.InstallDate0, arp.DisplayName0 FROM v_R_System sys JOIN v_Add_Remove_Programs arp ON sys.ResourceID = arp.ResourceID JOIN v_FullCollectionMembership fcm ON sys.ResourceID=fcm.ResourceID WHERE arp.DisplayName0 LIKE '$SearchString' AND fcm.CollectionID='SMS00004'

Exception calling "Fill" with "1" argument(s): "Incorrect syntax near '09'.
Unclosed quotation mark after the character string ''."
At \\PATH\Script.ps1
:1201 char:18
+     $SqlAdapter.Fill <<<< ($SqlDataSet) | Out-Null
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

SELECT sys.Netbios_Name0, arp.InstallDate0, arp.DisplayName0 FROM v_R_System sys JOIN v_Add_Remove_Programs arp ON sys.R
esourceID = arp.ResourceID JOIN v_FullCollectionMembership fcm ON sys.ResourceID=fcm.ResourceID WHERE arp.DisplayName0 L
IKE 'Articulate Studio '09 Pro' AND (sys.Netbios_Name0 = '') AND fcm.CollectionID='SMS00004'

If ($SearchString.Contains"'"){$SearchString.Replace("'","''"}

If ($SearchString.Contains"'"){$SearchString.Replace("'","''"}

If ($Test)
    {
    $FirstPassed = $False
    ForEach ($Computer in $Computers)
        {
        If ($FirstPassed -EQ $False)
            {
            $Selection = "(sys.Netbios_Name0 = '" + $($Computer.Name) + "'"
            $FirstPassed = $True
            }
        Else
            {
            $Selection = $Selection + " OR sys.Netbios_Name0 = '" + $($Computer.Name) + "'"
            }
        }
    $Selection = $Selection + ")"
    $SqlQuery = "SELECT sys.Netbios_Name0, arp.InstallDate0, arp.DisplayName0 FROM v_R_System sys JOIN v_Add_Remove_Programs arp ON sys.ResourceID = arp.ResourceID JOIN v_FullCollectionMembership fcm ON sys.ResourceID=fcm.ResourceID WHERE arp.DisplayName0 LIKE '$SearchString' AND $Selection AND fcm.CollectionID='SMS00004'"
    }

$SearchString = $SearchString.Replace("'","''").Replace("%","'%").Replace("_","'_")

#Originele code (simplified) die een error zal genereren door de apostrof
$SearchString = "Articulate Studio '09 Pro"
$SqlServer = "SQLCluster.yellow.local"
$SqlDBName = "SMS_Yellow"
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlConnection.ConnectionString = "Server = $SqlServer; Database = $SqlDBName; Integrated Security = True"
$SqlCmd.Connection = $SqlConnection
$SqlDataSet = New-Object System.Data.DataSet
$SqlQuery = "SELECT sys.Netbios_Name0, arp.InstallDate0, arp.DisplayName0 FROM v_R_System sys JOIN v_Add_Remove_Programs arp ON sys.ResourceID = arp.ResourceID JOIN v_FullCollectionMembership fcm ON sys.ResourceID=fcm.ResourceID WHERE arp.DisplayName0 LIKE '$SearchString' AND fcm.CollectionID='SMS00004'"
$SqlCmd.CommandText = $SqlQuery
$SqlAdapter.SelectCommand = $SqlCmd
$SqlAdapter.Fill($SqlDataSet) | Out-Null
$colComputers = $SqlDataSet.Tables[0]
$SqlConnection.Close()

-- =============================================
-- Author:      YellowOnline
-- Create date: 25/01/2013
-- Description: Returns computers with a specific application installed and the install date

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE GetComputersWithSpecificSoftware 
    @SearchString nvarchar(50)= 0, 
    @CollectionID nvarchar(8) = 0
AS
BEGIN
    SET NOCOUNT ON;
    SELECT sys.Netbios_Name0, arp.InstallDate0, arp.DisplayName0 FROM v_R_System sys JOIN v_Add_Remove_Programs arp ON sys.ResourceID = arp.ResourceID JOIN v_FullCollectionMembership fcm ON sys.ResourceID=fcm.ResourceID WHERE arp.DisplayName0 LIKE @SearchString AND fcm.CollectionID=@CollectionID
END
GO

#Nieuwe code (simplified)
$SearchString = "Articulate Studio '09 Pro"
$SqlServer = "SQLCluster.yellow.local"
$SqlDBName = "SMS_Yellow"
$CollectionID = "SMS00004"
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = "Server = $SqlServer; Database = $SqlDBName; Integrated Security = True"
$SqlCmd = $SqlConnection.CreateCommand()
$SqlCmd.CommandText = "EXEC dbo.GetComputersWithSpecificSoftware  @SearchString, @CollectionID"
$SqlCmd.Parameters.AddWithValue("@SearchString", $SearchString) | Out-Null
$SqlCmd.Parameters.AddWithValue("@CollectionID", $CollectionID) | Out-Null
$SqlDataAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $SqlCmd
$SqlDataSet = New-Object System.Data.Dataset
$SqlDataAdapter.Fill($SqlDataSet) | Out-Null
$colComputers = $SqlDataSet.Tables[0]
$SqlConnection.Close()

$SearchString = "Articulate Studio '09 Pro"
$SqlServer = "SQLCluster.yellow.local"
$SqlDBName = "SMS_Yellow"
$CollectionID = "SMS00004"
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = "Server = $SqlServer; Database = $SqlDBName; Integrated Security = True"
$SqlCmd = $SqlConnection.CreateCommand()
$SqlCmd.CommandText = "SELECT sys.Netbios_Name0, arp.InstallDate0, arp.DisplayName0 FROM v_R_System sys JOIN v_Add_Remove_Programs arp ON sys.ResourceID = arp.ResourceID JOIN v_FullCollectionMembership fcm ON sys.ResourceID=fcm.ResourceID WHERE arp.DisplayName0 LIKE @SearchString AND fcm.CollectionID=@CollectionID"
$SqlCmd.Parameters.AddWithValue("@SearchString", $SearchString) | Out-Null
$SqlCmd.Parameters.AddWithValue("@CollectionID", $CollectionID) | Out-Null
$SqlDataAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $SqlCmd
$SqlDataSet = New-Object System.Data.Dataset
$SqlDataAdapter.Fill($SqlDataSet) | Out-Null
$colComputers = $SqlDataSet.Tables[0]
$SqlConnection.Close()