Hello everyone. I was wondering if there is a built in function which escapes MySql. Normally I don't need this because I use prepared statements which escapes everything automatically. But in this particular case I need to dynamically build the query. To prevent SQL injection I need to escape special mysql characters.

Right now I'm using StringEscapeUtils.escapeSql(String) which is part of the commons lang apache library - http://commons.apache.org/lang/api-release/index.html

From the API description this is for SQL not MySQL. So my question is does anyone know of a function which does the same thing as escapeSql but for MySql. Thanks!