Google will find plenty of examples of bypassing simple filters like this. For example:
If you do need to introduce a string in to your attack payload, you can do this without needing to use quotes. In MySQL, the following statement:
SELECT username FROM users WHERE isadmin = 2 union select name from sqlol.ssn where name='herp derper'
is equivalent to:
SELECT username FROM users WHERE isadmin = 2 union select name from sqlol.ssn where name=0x4865727020446572706572
If you want to learn about security vulnerabilities, I'd recommend taking a training course. For example, Troy Hunt's "Hack Yourself First" course - it's not free, but it will teach you a lot more than you'll learn on your own.