I have a gridview that displays results from a textbox or dropdown filter. It works fine except when a user uses an apostrophe in the search. For example "Tommy's Company" will result in an error message that reads "The expression contains an invalid string constant: '." I've been at it for days and I can't figure it out. Is there any way I can include the apostrophe in the textbox and still get the results without the error message?
Here's the HTML portion:
<asp:SqlDataSource ID="NewBiddersDBsource" runat="server" ConnectionString="<%$ ConnectionStrings:BiddersDBconnection %>"
    SelectCommand="SELECT_DefaultContractors" SelectCommandType="StoredProcedure" FilterExpression="{0} LIKE '%{1}%'">
    <SelectParameters>
        <asp:ControlParameter ControlID="SearchBox" DefaultValue="%" Name="Name" PropertyName="Text" Type="String" />
        <asp:ControlParameter ControlID="SearchBox" DefaultValue="%" Name="City" PropertyName="Text" Type="String" />
        <asp:ControlParameter ControlID="DDLStatus" DefaultValue="%" Name="Status" PropertyName="Text" Type="String" />
        <asp:ControlParameter ControlID="WorkList" DefaultValue="%" Name="WorkID" PropertyName="Text" Type="String" />
    </SelectParameters>
    <FilterParameters>
        <asp:ControlParameter ControlID="searchList" Name="SearchCategory" PropertyName="SelectedValue" />
        <asp:ControlParameter ControlID="SearchBox" Name="SearchField" PropertyName="Text" />
        <asp:ControlParameter ControlID="WorkList" Name="WorkID" PropertyName="SelectedValue" />
    </FilterParameters>
</asp:SqlDataSource>
This is the C# portion:
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

string connectionString = ConfigurationManager.ConnectionStrings["BiddersDBConnection"].ConnectionString;
using (SqlConnection conn = new SqlConnection(connectionString))
using (SqlCommand cmd = new SqlCommand())
{
    cmd.Connection = conn;
    cmd.CommandType = CommandType.StoredProcedure;
    // Doubling the quote is not needed for a SqlParameter: the value is sent to SQL Server
    // out of band, never spliced into the command text, so this turns the search term
    // into "Tommy''s" and the row no longer matches.
    string nameSearch = SearchBox.Text.Replace("'", "''");
    cmd.CommandText = "SELECT_AllBidders";
    cmd.Parameters.Add("@Name", SqlDbType.VarChar, 200).Value = nameSearch;
    conn.Open();
    // ExecuteNonQuery discards any result set; use ExecuteReader to read the rows.
    cmd.ExecuteNonQuery();
}
This is from the SQL portion:
CREATE PROCEDURE [dbo].[SELECT_DefaultContractors]
    -- A bare "varchar" parameter is varchar(1) in SQL Server, so the original
    -- declarations silently truncated every search term to its first character.
    @Name varchar(200), @City varchar(200), @Status varchar(200), @WorkID varchar(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT DISTINCT
        Bidders.Id, Bidders.Name, Bidders.Address, Bidders.City, Bidders.State,
        Bidders.Zip, Bidders.Phone, Bidders.Fax, Bidders.Email, Bidders.Status,
        Bidders.Denied, MWBE_Types.Code AS MWBE
    FROM
        PW_Contractors.dbo.Bidders LEFT JOIN PW_Contractors.dbo.Preqs ON
            PW_Contractors.dbo.Bidders.Id = PW_Contractors.dbo.Preqs.BidderID
        LEFT JOIN PW_Contractors.dbo.MWBE_Types ON
            PW_Contractors.dbo.Bidders.MWBE = PW_Contractors.dbo.MWBE_Types.MWBEID
    WHERE
        -- AND binds tighter than OR, so this is evaluated as
        -- (Name LIKE ...) OR (City LIKE ... AND Status LIKE ... AND WorkID LIKE ...) OR (WorkID IS NULL);
        -- add parentheses if a different grouping is intended.
        Name LIKE '%' + @Name + '%' OR
        City LIKE '%' + @City + '%' AND Status LIKE '%' + @Status + '%' AND
        WorkID LIKE @WorkID OR WorkID IS NULL
    ORDER BY Name ASC;
END
' needs to be '' – Pedro Estrada
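Applying that comment to the markup above, as an added example that is not part of the original question or comment. The error is not coming from SQL Server: the SelectParameters are real SqlParameters and handle apostrophes on their own. It comes from FilterExpression, which SqlDataSource turns into a DataView.RowFilter by plain string substitution, so the `'` in "Tommy's Company" closes the `'%{1}%'` literal and the expression parser fails. The SqlDataSource.Filtering event is the one place the filter values can be escaped before they are spliced in. The handler and helper names (NewBiddersDBsource_Filtering, EscapeFilterLiteral), the allow-list of searchable columns and the page class name are my assumptions; the markup also needs `OnFiltering="NewBiddersDBsource_Filtering"` added to the asp:SqlDataSource tag.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Contractors : Page
{
    // Column names the searchList dropdown may put into {0}. {0} is a column name, not a
    // string literal, so quoting cannot protect it; an allow-list can. (Assumed values.)
    private static readonly HashSet<string> SearchableColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Name", "City", "Status" };

    // Escapes a user-supplied value for use inside a string literal of a
    // DataColumn/DataView expression such as "{0} LIKE '%{1}%'":
    //   '        -> ''               (the "invalid string constant: '" fix)
    //   % * [ ]  -> [%] [*] [[] []]  (match the character literally, not as a wildcard)
    public static string EscapeFilterLiteral(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\'':
                    sb.Append("''");
                    break;
                case '%':
                case '*':
                case '[':
                case ']':
                    sb.Append('[').Append(c).Append(']');
                    break;
                default:
                    sb.Append(c);
                    break;
            }
        }
        return sb.ToString();
    }

    // Wired up with OnFiltering="NewBiddersDBsource_Filtering" on the SqlDataSource.
    // e.ParameterValues holds the FilterParameters by name; whatever is in it after this
    // handler returns is what gets substituted into FilterExpression.
    protected void NewBiddersDBsource_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
    {
        // A tampered POST can change searchList's SelectedValue to any text, which would
        // then be evaluated as part of the expression; fall back to a known column instead.
        string column = Convert.ToString(e.ParameterValues["SearchCategory"]);
        if (!SearchableColumns.Contains(column))
        {
            e.ParameterValues["SearchCategory"] = "Name";
        }

        // "Tommy's Company" becomes "Tommy''s Company" inside the LIKE pattern.
        string term = Convert.ToString(e.ParameterValues["SearchField"]);
        e.ParameterValues["SearchField"] = EscapeFilterLiteral(term);
    }
}
```

The bracket escaping matters for more than quotes: DataColumn expressions only accept `%` and `*` wildcards at the start or end of a LIKE pattern, so a user typing one in the middle of the search box would otherwise produce a second parser error. Keep the SelectParameters exactly as they are; they never need the doubled quote, only the in-memory filter does.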