To add the the previous solutions, it looks like the data used in the condition is coming from the user interface.
If that is the case, you should use parameters. One thing is that this way you avoid risk of SQL injection but also this takes away the need to escape the special characters.
For an example, have a look at
MySqlCommand.Parameters Property[
^]