Use a parameterized query:
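
    // Requires: using System.Data.SqlClient; connectionString is defined elsewhere.
    string test = "O' what happened?";
    using (SqlConnection cnx = new SqlConnection(connectionString)) {
        cnx.Open();
        // @value is a placeholder; the SQL text never contains the user's string.
        using (SqlCommand cmd = new SqlCommand("INSERT INTO [TestTable] ([TestField]) VALUES (@value)", cnx)) {
            // The value is sent separately from the statement, so the apostrophe needs no escaping.
            cmd.Parameters.AddWithValue("@value", test);
            int result = cmd.ExecuteNonQuery(); // number of rows affected
        }
    }
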
Moreover, it will have the advantage of bulletproofing your code against SQL injection attacks.
Parameterized queries should be used everywhere user input is involved.
Good luck :)
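
The difference between the two approaches, as an added example that is not part of the original answer: it runs the answer's test string through a concatenated INSERT and a parameterized INSERT side by side. Assumptions: an in-memory SQLite database stands in for SQL Server so the code runs offline, the placeholder is `?` rather than `@value`, and the second sample value and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample inputs: the answer's string, plus a value whose quote
# characters would change the statement's structure if spliced into SQL text.
SAMPLES = ["O' what happened?", "x'), ('injected"]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TestTable (TestField TEXT)")
    return db


def insert_concatenated(db, value):
    # Vulnerable pattern: the value becomes part of the SQL text itself.
    sql = "INSERT INTO TestTable (TestField) VALUES ('" + value + "')"
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def insert_parameterized(db, value):
    # Hardened pattern: fixed SQL text, value bound as data.
    db.execute("INSERT INTO TestTable (TestField) VALUES (?)", (value,))
    return "ok"


def rows(db):
    cur = db.execute("SELECT TestField FROM TestTable ORDER BY rowid")
    return [r[0] for r in cur]


def demo():
    # Run both insert styles over the same inputs, each on a fresh database.
    results = {}
    for build in (insert_concatenated, insert_parameterized):
        db = make_db()
        statuses = [build(db, v) for v in SAMPLES]
        results[build.__name__] = (statuses, rows(db))
    return results


if __name__ == "__main__":
    for name, (statuses, stored) in demo().items():
        print(name, statuses, stored)
```

With concatenation the first value fails with a syntax error and the second is stored as two rows instead of one; with the bound parameter both values are stored verbatim as single rows.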