escape string for pgsql (using jdbc/java)?
| From | Tobias Thierer |
|---|---|
| Subject | escape string for pgsql (using jdbc/java)? |
| Date | |
| Msg-id | epbeqa$1g90$1@news.hub.org |
| Responses | Re: escape string for pgsql (using jdbc/java)?; Re: escape string for pgsql (using jdbc/java)? |
| List | pgsql-jdbc |
Hi,

I'm writing a servlet that gets a few strings and puts them into a pgsql database. In assembling an insert statement such as INSERT INTO table column1='value1' column2='value2' etc., of course I have to make sure an attacker can't put things into value1 that will break my system (such as something that contains a ' which will then be interpreted as terminating the string). In other words, I have to escape value* so that it's safe to use in an sql statement (more specifically inside a string).

I was previously using MySQL and escaped strings following the document at: http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html

But I couldn't find a corresponding specification for pgsql. The only way of doing this through JDBC that I'm aware of is to prepare a statement first, which just seems wrong because my insert statement is generated dynamically and executed exactly once (the subset of the columns for which a value is actually set changes every time the code is run).

So,

1.) Is there a built-in method somewhere in the jdbc driver that escapes strings and makes them safe to use in an SQL statement (inside a string)?

2.) Which characters do I need to escape for pgsql? Is ' the only one, and I need to escape it as '' ? Do I need to escape \ ? Will I need to escape all the characters that I escaped for MySQL? Where can I find out more?

Cheers,
Tobias
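The post rejects a prepared statement because the set of columns changes on every run. The following is an added example (not from the poster or the pgsql-jdbc project) showing that the two are compatible: the SQL text is built dynamically from a whitelisted column set, while every value is bound as a `?` parameter so the driver, not the servlet, handles quoting. The table and column names (`DynamicInsert`, `ALLOWED_COLUMNS`, `column1`..`column3`) are assumed for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;
import java.util.Set;

public class DynamicInsert {

    // Assumed whitelist of column names the servlet may set. Column names are
    // spliced into the SQL text, so they must never come from user input.
    private static final Set<String> ALLOWED_COLUMNS =
            Set.of("column1", "column2", "column3");

    /**
     * Inserts only the columns present in {@code values} into {@code table}
     * (a trusted constant, not request data). The statement text contains the
     * validated column names and one '?' per value; the values travel as bound
     * parameters, so a stray ' in a value cannot terminate the string literal
     * and no manual escaping is needed. Returns the number of rows inserted.
     */
    public static int insertSubset(Connection conn, String table,
                                   Map<String, String> values) throws SQLException {
        if (values.isEmpty()) {
            throw new IllegalArgumentException("no columns to insert");
        }
        StringBuilder cols = new StringBuilder();
        StringBuilder marks = new StringBuilder();
        for (String col : values.keySet()) {
            if (!ALLOWED_COLUMNS.contains(col)) {
                throw new IllegalArgumentException("unknown column: " + col);
            }
            if (cols.length() > 0) {
                cols.append(", ");
                marks.append(", ");
            }
            cols.append(col);
            marks.append('?');
        }
        String sql = "INSERT INTO " + table + " (" + cols + ") VALUES (" + marks + ")";
        // Prepared once and executed once is fine: the point is parameter
        // binding, not statement reuse.
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            int index = 1;
            for (String v : values.values()) {
                ps.setString(index++, v);   // value may contain ' or \ safely
            }
            return ps.executeUpdate();
        }
    }
}
```

A call such as `insertSubset(conn, "mytable", Map.of("column1", "O'Brien"))` produces `INSERT INTO mytable (column1) VALUES (?)` with the apostrophe delivered as parameter data.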