This is a tool first I made for my self and then made public to craft sql injection commands without any problems of unescaped quote marks. Just type your text and it will be converted to a concat'ed expression adjusted to your db engine.
Put text which you don't want to be escaped in double dollar sign, like
$$users.password$$, an example:
when postgreSQL selected!
when MySQL selected!