Everything is shown in MySQL documentation; was to so hard to consult it?
This is how to escape ' " and other characters:
http://dev.mysql.com/doc/refman/5.0/en/string-literals.html[
^].
However, it's possible that the root problem is different. Do you obtain SQL query by concatenating some SQL language constructs with data? Even if it works, this is not a right thing to do. You should better use
parametrized statements instead. Please see:
http://msdn.microsoft.com/en-us/library/ms254953.aspx[
^],
http://msdn.microsoft.com/en-us/library/yy6y35y8%28v=vs.80%29.aspx[
^].
Not only it's generally better and will help you to avoid escaping problems, it's also much safer, which is very important. In particular, it can help you to get protected from a well-known exploit called
SQL injection:
http://en.wikipedia.org/wiki/SQL_injection[
^].
Note the section
3.1 explaining the importance of parametrized statements.
—SA