Option 1) create your own parse to escape apostrophe and any other special charaters for your specific database, and then write that code from scratch if you ever change databases.
Option 2) Use a PreparedStatement (it does all the escaping for you)
Smitha, If you are using JDBC, use a PreparedStatement. If not, post what database you are using. It's different for each one. For example, in Oracle you set an escape character.