Safely inserting data into SQLite database with apostrophe

I am trying to create a table in a SQLite database based on user provided text. Everything was working correctly, except when I tried to add an apostrophe inside the text (which was to be the new table name). After research, I determined that what I was doing is not the best practice as is vulnerable to injection:

    const char *sqlStr = [[NSString stringWithFormat:@"CREATE Table '%@' ('Name' 'char(50)','ID' 'integer')",theString]UTF8String];

So I am trying to find a way to allow apostrophes to be included in the table name and safely inserting the value into the database. I have read about binding values, but is this possible with the 'CREATE TABLE' statement? Or only when you insert data into an already existing table开发者_运维知识库?

Thanks for your help.

From the documentation:

A string constant is formed by enclosing the string in single quotes ('). A single quote within the string can be encoded by putting two single quotes in a row - as in Pascal.

Thus:

[theString stringByReplacingOccurrencesOfString:@"'" withString:@"''"];