diff --git a/databend-jdbc/src/main/java/com/databend/jdbc/DatabendPreparedStatement.java b/databend-jdbc/src/main/java/com/databend/jdbc/DatabendPreparedStatement.java
index cfc0e9d5..4b83af54 100644
--- a/databend-jdbc/src/main/java/com/databend/jdbc/DatabendPreparedStatement.java
+++ b/databend-jdbc/src/main/java/com/databend/jdbc/DatabendPreparedStatement.java
@@ -1,7 +1,6 @@
 package com.databend.jdbc;
 import com.databend.client.StageAttachment;
-import com.databend.client.data.DatabendDataType;
 import com.databend.client.data.DatabendRawType;
 import com.databend.jdbc.cloud.DatabendCopyParams;
 import com.databend.jdbc.cloud.DatabendStage;
@@ -522,9 +521,14 @@ public void setString(int i, String s)
 checkOpen();
 if (originalSql.toLowerCase().startsWith("insert") || originalSql.toLowerCase().startsWith("replace")) {
- batchInsertUtils.ifPresent(insertUtils -> insertUtils.setPlaceHolderValue(i, s));
+ String finalS1 = s;
+ batchInsertUtils.ifPresent(insertUtils -> insertUtils.setPlaceHolderValue(i, finalS1));
 } else {
- batchInsertUtils.ifPresent(insertUtils -> insertUtils.setPlaceHolderValue(i, String.format("%s%s%s", "'", s, "'")));
+ if (s.contains("'")){
+ s = s.replace("'", "\\\'");
+ }
+ String finalS = s;
+ batchInsertUtils.ifPresent(insertUtils -> insertUtils.setPlaceHolderValue(i, String.format("%s%s%s", "'", finalS, "'")));
 }
 }
diff --git a/databend-jdbc/src/test/java/com/databend/jdbc/TestPrepareStatement.java b/databend-jdbc/src/test/java/com/databend/jdbc/TestPrepareStatement.java
index 69fbae3f..d015fcdc 100644
--- a/databend-jdbc/src/test/java/com/databend/jdbc/TestPrepareStatement.java
+++ b/databend-jdbc/src/test/java/com/databend/jdbc/TestPrepareStatement.java
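Review bot: The escaping added in the else branch of setString (DatabendPreparedStatement.java) handles only the single quote, so a backslash already present in `s` is passed through, and one that sits directly before a quote cancels the escape inserted here and lets the value end the string literal early. Escape backslashes before quotes and drop the `contains` guard: `String escaped = s.replace("\\", "\\\\").replace("'", "\\'");`. `s.contains` also throws NullPointerException when `setString(i, null)` is called, where the old code produced a literal, so a null guard that binds SQL NULL is needed ahead of it. The insert/replace branch still passes `s` through unescaped, which is presumably safe only if that path never splices the value into SQL text; that is not visible here. setString's signature and opening lines are outside the hunk.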
@@ -395,6 +395,36 @@ public void testUpdateSetNull() throws SQLException {
 }
 }
+ @Test
+ public void testUpdateStatement() throws SQLException {
+ Connection conn = createConnection();
+ String sql = "insert into test_prepare_statement values (?,?)";
+ try (PreparedStatement statement = conn.prepareStatement(sql)) {
+ statement.setInt(1, 1);
+ statement.setString(2, "b");
+ statement.addBatch();
+ int[] result = statement.executeBatch();
+ System.out.println(result);
+ Assertions.assertEquals(1, result.length);
+ }
+ String updateSQL = "update test_prepare_statement set b = ? where a = ?";
+ try (PreparedStatement statement = conn.prepareStatement(updateSQL)) {
+ statement.setInt(2, 1);
+ statement.setObject(1, "c'c");
+ int result = statement.executeUpdate();
+ System.out.println(result);
+ Assertions.assertEquals(2, result);
+ }
+ try (PreparedStatement statement = conn.prepareStatement("select a, regexp_replace(b, '\\d', '*') from test_prepare_statement where a = ?")) {
+ statement.setInt(1, 1);
+ ResultSet r = statement.executeQuery();
+ while (r.next()) {
+ Assertions.assertEquals(1, r.getInt(1));
+ Assertions.assertEquals("c'c", r.getString(2));
+ }
+ }
+ }
+
 @Test
 public void testAllPreparedStatement() throws SQLException {
 String sql = "insert into test_prepare_statement values (?,?)";
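Review bot: The final query block in testUpdateStatement asserts only inside `while (r.next())`, so the test passes when the select returns no rows; call `Assertions.assertTrue(r.next());` first and assert on that row. The only value exercised is `c'c` through `setObject`, so the test does not cover a value that contains or ends in a backslash, a null, or `setString` directly (whether `setObject` delegates to it is not visible in this hunk). `conn` is never closed, and `Assertions.assertEquals(2, result)` after a single inserted row appears to depend on rows left behind by other tests, which would make the test order-sensitive.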