How to escape special characters used in SQL query?

Is there a Java library for escaping special characters from a st开发者_如何学编程ring that is going to be inserted into an SQL query.

I keep writing code to escape various things, but I keep finding some new issue trips me up. So a library that takes care of all or most of the possibilities would be very handy.

EDIT: I am using MySQL (if that makes any difference).

Well... jdbc. Pass the strings as parameters, and don't append them to the query string

A little bit more research points me to this:

http://devwar.blogspot.com/2010/06/how-to-escape-special-characters-in.html

Which suggests to use apache.commons.lang.StringEscapeUtils, I will try this out

I know this is a long time thread, but using the commonslang library there is a method called escapeSql(String). Also using prepared statement automatically escape the offending SQL character.