To answer your question directly, double the quotes.

要直接回答您的问题，请将引号加倍。

insert into person_details values (1, 'D''souza');

But I rather parameterized the query using PreparedStatement.

但我宁愿使用PreparedStatement.

Here are the PROs:

以下是 PRO：

• avoid from SQL Injection
• doesn't need to use single quotes.

• 避免 SQL 注入
• 不需要使用单引号。

example,

例子，

String str = "insert into person_details values (?, ?)";
query = con.prepareStatement(str);
query.setInt(1, 1);
query.setString(2, "D'souza");
query.executeUpdate();

• Using Prepared Statements

• 使用准备好的语句

In MySQL, you use ''for a single 'inside a string:

在 MySQL 中，您在字符串中使用''单个'：

insert into person_details values (1, 'D''souza');

Link to docs

链接到文档

But that's only for when you're providing the data literally, such as an SQL script to pre-populate a table with data you control, etc. If you're receiving that string from an external source (an end user, for instance, or an external system) then presumably you won't be writing a literal, but rather using a string variable. In that case, you want to use prepared statements as JW. describes in his answer. Why: http://xkcd.com/327/

但这仅适用于您按字面提供数据时，例如使用您控制的数据预先填充表的 SQL 脚本等。如果您从外部源（例如，最终用户）接收该字符串，或外部系统）然后大概你不会写文字，而是使用字符串变量。在这种情况下，您希望将准备好的语句用作JW。在他的回答中描述。为什么：http: //xkcd.com/327/

You could also use "

你也可以使用 "

insert into person_details values (1, "D'souza");

Why dont you use PreparedStatements

为什么不使用PreparedStatements

It will also take care of SQL Injections

它还将处理 SQL 注入