You can escape it by replacing the single quote by two single quotes:
''
.
However, I suggest to use a parameterized query instead of escaping the string. Why? Because if you use string concatenation (like you do now) to create your command, you are not protected against
SQL Injection[
^]. You can use named parameters like this:
Dim queryString As String = "insert into metadata (OBJECT_NAME, TITLE, ROW_NUM1) values (:objName, :title, myDB.SEQ_ID.NEXTVAL)"
Dim command As OracleCommand = New OracleCommand(query, connection)
command.CommandType = CommandType.Text
command.Parameters.Add(":objName", OracleDbType.Varchar2).Value = strObjName
command.Parameters.Add(":title", OracleDbType.Varchar2).Value = strTitle