1) Create an item.
2) Create a text box.
3) Assign #2 to #1.
4) Enter some text in the text box. Insert one single-quote anywhere: '
5) Hit enter
6) DB error
Logged In: NO
fails with this error...
UPDATE `anyInventory_values` SET `value`='May10: '127 is probably good. New card shows same symptoms.' WHERE `item_id`='148' AND `field_id`='25'
I typed a single-quote before 127, to show that it was shorthand for a much longer serial-number ending in "127".
It looks like the text box input was not scrubbed for unapproved characters before the query was generated.
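The failure in this report, reproduced as an added example (not anyInventory's own code): the same value is written once by string concatenation and once as a bound parameter. Python's sqlite3 stands in for the application's database, and the three-column schema is an assumption; the table name, column names and values are taken from the failing query above.

```python
import sqlite3

# Value from the report, including the single quote typed before 127.
NOTE = "May10: '127 is probably good. New card shows same symptoms."

def make_db():
    # Assumed schema: only the three columns named in the failing query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE anyInventory_values "
               "(item_id TEXT, field_id TEXT, value TEXT)")
    db.execute("INSERT INTO anyInventory_values VALUES ('148', '25', '')")
    return db

def update_concatenated(db, value, item_id, field_id):
    """Builds the statement by concatenation, like the query in the error."""
    sql = ("UPDATE `anyInventory_values` SET `value`='" + value +
           "' WHERE `item_id`='" + item_id +
           "' AND `field_id`='" + field_id + "'")
    try:
        db.execute(sql)
        return None
    except sqlite3.Error as exc:
        # The quote inside the value closes the string literal early,
        # so the rest of the text is parsed as SQL and rejected.
        return str(exc)

def update_bound(db, value, item_id, field_id):
    """Sends the value as a bound parameter; it is never parsed as SQL."""
    db.execute("UPDATE `anyInventory_values` SET `value`=? "
               "WHERE `item_id`=? AND `field_id`=?",
               (value, item_id, field_id))
    row = db.execute("SELECT value FROM anyInventory_values "
                     "WHERE item_id=? AND field_id=?",
                     (item_id, field_id)).fetchone()
    return row[0]

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", update_concatenated(db, NOTE, "148", "25"))
    print("bound:       ", update_bound(db, NOTE, "148", "25"))
```

With the bound form the quote is stored as part of the text, so no characters need to be rejected from the text box.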