Chuan, You can either escape the special characters (like single quote) with a backslash or use a prepared statement. I recommend the prepared statement because it takes care of these details for you.
I am learning this from Mastering JSP chapter 13 which uses the connection manager bean. The sample code from the book is such:
The code seems tidy from a JSP page. However, if it's a form post and l_username contains a hyphen, ' or ), the SQL statement breaks. How do I incorporate a prepared statement in the above situation?
Sun's short course has a good example. Just scroll down to the section on prepared statements. Since the example was from a book on JSPs, the author was probably trying to explain how to do a query in the most basic way rather than to provide an extremely robust solution.
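As an added example (not the book's code and not code posted by anyone in this thread), here is the contrast the answer describes: the concatenated query that breaks on a quote or parenthesis, next to the same lookup written with a JDBC PreparedStatement. The `users` table, its column names, and the `Connection` (which in the book's setup would come from the connection manager bean) are assumptions for illustration; `l_username` is the form field named in the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class UserLookup {

    // "Before": the query text is built by string concatenation, which is what
    // the question runs into. A value like O'Brien closes the quote early and
    // yields a syntax error; a value with a ')' does the same. Whatever is in
    // the parameter becomes part of the SQL itself, so the database cannot
    // tell data from statement.
    static String concatenatedQuery(String lUsername) {
        return "SELECT full_name FROM users WHERE username = '" + lUsername + "'";
    }

    // "After": the SQL text contains only a ? placeholder and never changes.
    // The value is sent separately via setString, so quotes, hyphens and
    // parentheses in the input are handled by the driver as data. This is the
    // detail the answer means by "takes care of these details for you":
    // no hand-written backslash escaping, which is database-specific and
    // easy to get wrong.
    static String lookupFullName(Connection conn, String lUsername) throws SQLException {
        final String sql = "SELECT full_name FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, lUsername);            // 1-based parameter index
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("full_name") : null;
            }
        }
    }

    // Stand-alone demonstration of the breakage (no database needed):
    // prints the malformed statement the concatenation produces.
    public static void main(String[] args) {
        String fromForm = "O'Brien";               // constructed sample input
        System.out.println(concatenatedQuery(fromForm));
        // SELECT full_name FROM users WHERE username = 'O'Brien'
        // The statement now ends after 'O' and the rest is a syntax error.
    }
}
```

In a JSP page the call would be `lookupFullName(conn, request.getParameter("l_username"))`; the parameter value is passed straight through without any escaping, because the placeholder binding does that work. The `Connection` should be obtained and closed the same way the rest of the application does it (the try-with-resources blocks above close only the statement and result set).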