That code is just "ugly": the advice really is manipulate the DOM instead.
That said, it is not even just about escaping quotes within quotes: html
attributes should be html-encoded (no built-in function to do this, anyway
there are only 4 characters to escape: ", <, >, and &), plus url parameters
should be url-encoded (use encodeURIComponent there).
Anyway, assuming your attributes (your oid in particular) need no encoding,
here is how a single-quoted string looks like:
'<br><input type="button" value="Update" ' +
'onclick="doSomething("' + oid + '")">' +
' ' +
'<a href="mycomment.cfm?Number=' + oid + '" target="_new">Comment</a>'
And here is the double-quoted one, for comparison:
"<br><input type=\"button\" value=\"Update\" " +
"onclick=\"doSomething("" + oid + "")\">" +
" " +
"<a href=\"mycomment.cfm?Number=" + oid + "\" target=\"_new\">Comment</a>"
Not tested, there may be typos: but you get the picture...
HTH,
Julio