Use placeholders — they'll take care of such issues...   (in addition to that, they'll also prevent potential SQL injection problems, in case the user input should come from untrusted sources...)