Paul,
Spot on mate :) I've encountered that many a time myself.
The other way around this is to not use expressions and use parameters to inject the values instead - let the OLE DB Provider do the work for you. It goes against everything I've ever said about "Use expressions to build SQL statements dynamically" but here is one case where it's appropriate to do it "the other way".
-Jamie