saxon

How to best escape SQL in Saxon


What is the best way to escape SQL in Saxon? Is it possible to do something like this?

<xsl:variable name="sql-value" select="$field-value => org.apache.commons.lang.StringEscapeUtils.escapeSql()"/>

If so, would I just need to include this jar file? Or is there a better way?


Solution

  • With Saxon-PE or -EE you can make calls directly from XPath expressions to Java methods. These are referred to as "reflexive extension functions" and are described at https://www.saxonica.com/documentation12/index.html#!extensibility/extension-functions-J/reflexive-functions

    I haven't managed to track down the spec of org.apache.commons.lang.StringEscapeUtils.escapeSql() but if it's a simple static method taking a string argument and returning a string result then you can call it as:

    <xsl:variable name="sql-value" select="$field-value => Q{java:org.apache.commons.lang.StringEscapeUtils}escapeSql()"/>

    If you want to do this with the open-source Saxon-HE then you'll need to jump through a few more hoops and write some Java wrapper code: all is explained at

    https://www.saxonica.com/documentation12/index.html#!extensibility/extension-functions-J/ext-simple-J
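    As an added example (not code from the question, the answer, Saxon or Commons Lang), this is the Saxon-HE wrapper route the answer refers to: an integrated extension function that exposes escapeSql to XPath so the same arrow-operator call works without Saxon-PE/EE. The namespace urn:example:sqlx and the function name sqlx:escape are assumptions chosen here, and it assumes Saxon-HE 12 and commons-lang 2.x on the classpath.

```java
import net.sf.saxon.expr.XPathContext;
import net.sf.saxon.lib.ExtensionFunctionCall;
import net.sf.saxon.lib.ExtensionFunctionDefinition;
import net.sf.saxon.om.Sequence;
import net.sf.saxon.om.StructuredQName;
import net.sf.saxon.s9api.Processor;
import net.sf.saxon.s9api.SaxonApiException;
import net.sf.saxon.s9api.XPathCompiler;
import net.sf.saxon.s9api.XdmValue;
import net.sf.saxon.trans.XPathException;
import net.sf.saxon.value.SequenceType;
import net.sf.saxon.value.StringValue;
import org.apache.commons.lang.StringEscapeUtils;

/** Saxon-HE integrated extension function: sqlx:escape($s as xs:string) as xs:string. */
public class EscapeSqlFunction extends ExtensionFunctionDefinition {
    // Namespace and local name are assumptions made for this example.
    static final String NS = "urn:example:sqlx";

    @Override public StructuredQName getFunctionQName() {
        return new StructuredQName("sqlx", NS, "escape");
    }
    @Override public SequenceType[] getArgumentTypes() {
        return new SequenceType[] { SequenceType.SINGLE_STRING };
    }
    @Override public SequenceType getResultType(SequenceType[] suppliedArgumentTypes) {
        return SequenceType.SINGLE_STRING;
    }
    @Override public ExtensionFunctionCall makeCallExpression() {
        return new ExtensionFunctionCall() {
            @Override
            public Sequence call(XPathContext context, Sequence[] arguments) throws XPathException {
                // Delegate to commons-lang 2.x; escapeSql doubles single quotes and nothing else.
                String raw = arguments[0].head().getStringValue();
                return new StringValue(StringEscapeUtils.escapeSql(raw));
            }
        };
    }

    public static void main(String[] args) throws SaxonApiException {
        Processor proc = new Processor(false);               // false = Saxon-HE, no licence needed
        proc.registerExtensionFunction(new EscapeSqlFunction());
        XPathCompiler xp = proc.newXPathCompiler();
        xp.declareNamespace("sqlx", NS);
        // The arrow-operator call from the answer, now resolved against the registered function.
        XdmValue out = xp.evaluate("\"O'Brien\" => sqlx:escape()", null);
        System.out.println(out.itemAt(0).getStringValue());
    }
}
```

    Because commons-lang 2's escapeSql only doubles single quotes, the result is safe only when it lands inside a single-quoted SQL string literal; it offers nothing for values spliced into numeric or identifier positions, so a parameterized statement remains the stronger choice where the generated SQL is actually executed.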