MS ACCESS Insert Query

Im in great trouble. please help me.
Im using MS ACCESS DataBase. My database stores the URL of websites. Im inserting the URL into my database as follows :

string sql = "insert into url_tab values('" + textbox1.text + "','" + textbox2.text + "')";
OleDbCommand od = new OleDbCommand(sql, oc); // oc=connection object
od.ExecuteNonQuery();

//textbox1 -> reads URL
//textbox2 -> reads password

where my problem arises is, when a user types-in password that contains a single-quotes; then an excepetion is thrown due

to the presence of single quotes. Also the typed-in URL contains back-slah (\\) and dotes(.) ; which will also throws an

exception.
But if im entering text without special character, the insertion happens nicely.

Is there any way to insert values into the table other than the method mentioned above, so that i can insert the value into

table smoothly without any exception.

However, i can solve this problem by using stored-procedure in SQL Server. But im forced to stick on to ACCESS.
Or else, if i want using SQL Server, what all things i've to install on the end-users machine, at the time of deployment.

Because, if we are using MS ACCESS, it is not necessary that the end-user should install MS ACCESS. I've SQL 2005 with me.

Please do help me.
Tankz.