unclosed quote mark after the character string java

Question

i am reading 3 pakets like mail to mail subject and mail message bu but when i am inserting data into database i got this error here is a somne part of code

aSocket.receive(to);
String towards=new String(to.getData());
System.out.println(towards);
aSocket.receive(sub);
String subject=new String(sub.getData());
aSocket.receive(msg);
String message=new String(msg.getData());
sendedmail(towards,subject,message,username);

public void sendedmail(String to,String sub,String msg,String from){
    try{
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    }catch(ClassNotFoundException ex){
        JOptionPane.showMessageDialog(null,ex.getMessage());
    }
    try{
        Connection con=DriverManager.getConnection("jdbc:odbc:udp");
        Statement st=con.createStatement();
        int status=0;
        String query;
        query = "INSERT INTO emails(emailto, emailfrom, message, userstatus, subject) VALUES('"+to+"','"+from+"','"+msg+"','"+status+"','"+sub+"')";
        int f=st.executeUpdate(query); 
        if(f==1){
            System.out.println("row inserted");
        }
        else
        {
            System.out.println("row not inserted");
        }  
    }catch(SQLException ex){
        JOptionPane.showMessageDialog(null,ex.getMessage());
    }

Answer 1

In SQL, quotes are escaped by doubling them, eg:

insert ... values ('O''Brien');

So you need to replace all quotes with doubled quotes:

 str = str.replace("'", "''");

---

Oh, and it's been about 15 years since you needed to load the JDBC driver class before using it; just delete the whole first try-catch.