So far as I know Oracle doesn't require you to escape string values so:

据我所知，Oracle 不要求您转义字符串值，因此：

INSERT INTO some_table (my_varchar_column) VALUES ('my string with a ?');

should work.

应该管用。

But to be sure use a java.sql.PreparedStatementas follows:

但要确保使用 ajava.sql.PreparedStatement如下：

PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO some_table (my_varchar_column) VALUES (?)");
preparedStatement.setString(1, "my string with a ?");
preparedStatement.execute();

Using a prepared statement is generally the recommended way to execute SQL against a database. It will aid performance and help prevent SQL injection attacks.

使用准备好的语句通常是对数据库执行 SQL 的推荐方法。它将有助于提高性能并有助于防止 SQL 注入攻击。

The only character that needs escaping in a SQL string constant is the single quote, for the obvious reason that it could otherwise be confused for the end of the string.

SQL 字符串常量中唯一需要转义的字符是单引号，原因很明显，否则它可能会与字符串的结尾混淆。

If you are using JDBC PreparedStatement's, then a question mark by itself stands for a parameter. You would write something like

如果您使用的是 JDBC PreparedStatement，那么问号本身就代表一个参数。你会写一些类似的东西

insert into mytable (field1, field2) values (?, ?)

插入到 mytable (field1, field2) 值 (?, ?)

and then use set statements to set these values. If you enclose the question mark in quotes, then it should just be another character in a string, i.e.

然后使用 set 语句来设置这些值。如果您将问号括在引号中，那么它应该只是字符串中的另一个字符，即

insert into mytable (field1, field2) values (?, '?')

插入 mytable (field1, field2) 值 (?, '?')

has ONE parameter ? and one string literal '?'.

有一个参数？和一个字符串文字 '?'。

PreparedStatement.set will do the necessary escaping of quotes. If you build the query yourself, you'll need to include code to do that escaping. (Just double the quote, e.g.

PreparedStatement.set 将执行必要的引号转义。如果您自己构建查询，则需要包含代码来进行转义。（只需将引号加倍，例如

insert into mytable (field1) values ('Bob said, ''Hello''')

插入 mytable (field1) 值（'Bob said, ''Hello'''）