Searching a database, avoiding injection attacks
I'm modifying my work's website and I need some advice. I'm trying to figure out how I can avoid injection attacks, while still accepting valid input.
An example is: if a user types an apostrophe (don't), it checks for the apostrophe and then converts it to empty (dont). So if an article that is being searched for really has "don't" in it, the search list will not display it, because it converted the word to "dont".
I thought of a solution but don't know if it will work entirely.
// words with apostrophes that should pass through untouched ("repeat for all words with apostrophes")
string[] apostropheWords = { "don't" /* , ... */ };
if (!apostropheWords.Any(w => rd.SearchString.Contains(w)))
{
    // Replace returns a new string; the result must be assigned back
    rd.SearchString = rd.SearchString.Replace("'", ""); //this is the injection attack blocker
}
//apply results and get the list
My thoughts are, if a user is really putting in a valid word with an apostrophe in it, then it should avoid the injection attack blocker.
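Added example, not from the post: the same search written against an in-memory SQLite table in Python (the poster's site is C#; with ADO.NET the equivalent is adding a SqlParameter to the SqlCommand). The article titles are constructed. It contrasts the apostrophe-stripping approach, which can never find "don't", with a parameterised query, which accepts the apostrophe as data and also escapes the LIKE wildcards so a user typing "%" or "_" gets a literal match.

```python
import sqlite3

# Constructed sample rows standing in for the site's article table.
ARTICLES = [
    (1, "Why we don't escape by hand"),
    (2, "Parameterised queries explained"),
    (3, "It's a matter of trust boundaries"),
]


def make_db():
    """Build an in-memory database holding the constructed articles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", ARTICLES)
    return conn


def search_stripped(conn, term):
    """The approach from the post: delete apostrophes, then concatenate.
    It only blocks the quote character, and it breaks legitimate searches
    because "don't" becomes "dont" and matches nothing."""
    cleaned = term.replace("'", "")
    sql = "SELECT id FROM articles WHERE title LIKE '%" + cleaned + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_param(conn, term):
    """Bind the search term as a parameter: the driver passes it as data, so
    an apostrophe cannot terminate the SQL string literal and no character
    has to be removed. LIKE metacharacters are escaped separately so that
    '%' and '_' typed by the user match themselves rather than anything."""
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    sql = "SELECT id FROM articles WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, ("%" + escaped + "%",))]
```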