
does not recognize query string containing '

I am querying some data from the database and inserting data. Whenever the user inserts with ' I have a problem that the query does not recognize.

How can I get rid of that? Should I use string.replace(''', '"'), or any other trick?

Thanks in advance.


You should be using parameterized queries. It's dangerous to insert unprocessed user input on a query, it's an open door to SQL-Injection attacks.

Those are queries in the form

SELECT * FROM USERS where USER_ID = ?

The value of ? is set programmatically with a query.setString(1, userId) call, and the driver takes care of escaping everything correctly. It's not a burden you want to have on your shoulders.


Besides what Xavi López has posted (and you really should keep that in mind), to have a single quote in a string you need to write two single quotes, e.g.:

myString := 'I''m writing an answer';

This represents the string I'm writing an answer.

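Both answers side by side, as an added example that is not from the original post (the table, the users table name and the sample value O'Brien are constructed; sqlite3 is used only because it runs in-process): the concatenated statement breaks on the apostrophe, the parameterized one stores and finds the value, and the doubled quote is how a literal ' is written inside SQL text.

```python
import sqlite3


def build_db():
    # Constructed in-memory database with one row, so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users VALUES ('u1', 'Ann')")
    return conn


def insert_concat(conn, user_id, name):
    # Fragile and unsafe: user input is pasted into the SQL text, so a single
    # quote in the data terminates the string literal and the statement fails.
    sql = "INSERT INTO users VALUES ('%s', '%s')" % (user_id, name)
    try:
        conn.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "error: %s" % exc


def insert_param(conn, user_id, name):
    # Parameterized form from the first answer: the driver binds the values,
    # so quotes in the data are never interpreted as SQL syntax.
    conn.execute("INSERT INTO users VALUES (?, ?)", (user_id, name))
    return "ok"


def lookup(conn, user_id):
    # SELECT * FROM USERS WHERE USER_ID = ? with the value bound, not concatenated.
    row = conn.execute(
        "SELECT name FROM users WHERE user_id = ?", (user_id,)
    ).fetchone()
    return row[0] if row else None


def doubled_quote_literal(conn):
    # Second answer: inside a SQL string literal, '' stands for one '.
    return conn.execute("SELECT 'I''m writing an answer'").fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    print(insert_concat(db, "u2", "O'Brien"))   # error: the apostrophe breaks the statement
    print(insert_param(db, "u2", "O'Brien"))    # ok
    print(lookup(db, "u2"))                     # O'Brien
    print(doubled_quote_literal(db))            # I'm writing an answer
```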