diff --git a/app/Controllers/API_Requests.php b/app/Controllers/API_Requests.php
index 74105ff..c52144e 100644
--- a/app/Controllers/API_Requests.php
+++ b/app/Controllers/API_Requests.php
@@ -11,7 +11,7 @@ class API_Requests extends ResourceController {
 $raw = $this->request->getVar();
 // log to cm_tm_logs
- $data = json_encode($raw);
+ $data = str_replace("'","''",json_encode($raw));
 $sql = "INSERT INTO cmod.dbo.CM_TM_LOGS (URL, METHOD, BODY, LOGDATE) VALUES ('API/REQUESTS', 'POST', '$data', GETDATE())";
 $db->query($sql);
@@ -21,8 +21,8 @@ class API_Requests extends ResourceController {
 //patdata
 $rm = $qpat['rm_number'];
- $firstname = $qpat['patient_first_name'];
- $lastname = $qpat['patient_last_name'];
+ $firstname = str_replace("'","''",$qpat['patient_first_name']);
+ $lastname = str_replace("'","''",$qpat['patient_last_name']);
 $dob = $qpat['patient_dob'];
 $dob = str_replace("-","",$dob);
 $sex = $qpat['patient_sex'];
@@ -50,9 +50,9 @@ class API_Requests extends ResourceController {
 $visitdesc = $qpat['visit_description'];
 $visitdt = $qpat['visit_date_time'];
 $agent = $qpat['agent'];
- $agentname = $qpat['agent_name'];
+ $agentname = str_replace("'","''",$qpat['agent_name']);
 $visittype = $qpat['visit_type'];
- $doc = $qpat['treating_doctor'];
+ $doc = str_replace("'","''",$qpat['treating_doctor']);
 $createdt = $qdata['created'];
 $qant = (array)$qpat['anthropometry'];
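Review bot: The log insert in the first hunk (`@@ -11,7 +11,7 @@`) still builds the statement by interpolating `'$data'` into the SQL text, so its safety now rests on hand-written quote doubling instead of on the database driver. If `$db` is the CodeIgniter connection (its type is not visible here), a bound parameter removes the escaping step: keep `$data = json_encode($raw);`, write `?` in place of `'$data'` in the VALUES list, and call `$db->query($sql, [$data]);`. `json_encode()` can also return `false`, which the added `str_replace` would turn into an empty BODY value, so the failure case is worth checking before the insert. The enclosing method starts and ends outside the hunk.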
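Review bot: Only `$firstname` and `$lastname` are quote-doubled in the second hunk (`@@ -21,8 +21,8 @@`), and only `$agentname` and `$doc` in the third (`@@ -50,9 +50,9 @@`); `$rm`, `$dob`, `$sex`, `$visitdesc`, `$visitdt`, `$agent`, `$visittype` and `$createdt` are still copied unmodified from the request arrays. The statements that consume these variables lie outside both hunks, but if they are interpolated into SQL the way `$data` is in the first hunk, every unescaped field is still concatenated into the statement as-is. Escaping at assignment also changes the value for any use that is not a SQL literal, where a name containing an apostrophe would appear with it doubled. Keeping the assignments as plain reads, e.g. `$firstname = $qpat['patient_first_name'];`, and passing all of these values as bound parameters at the query call would cover every field uniformly.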