If you are bulding a string like "INSERT INTO COMMENT ..." with your comment text inline you can get into trouble with special characters like that. If you use a prepared statement instead you can avoid those headaches. Or you can look at the Apache StringEscapeUtils which has an escapeSql() method
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
posted 14 years ago
I looked at that but will that allow me to store that single quote on the database?...
I'm not sure if I approve of this interruption. But this tiny ad checks out:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop