encode/decode

 
Ranch Hand
Posts: 38
Hello--
I have a question... I'm writing an application that takes input from users and stores that data in an Oracle database. One of the fields on the input form is a comments field. My first thought was to use JavaScript to not allow the users to enter in things like ', +, = or anything that would cause the database update not to work. But then I ran across encode and decode, but I'm not sure how and when to use them. Help please!
 
(instanceof Sidekick)
Posts: 8791
If you are building a string like "INSERT INTO COMMENT ..." with your comment text inline, you can get into trouble with special characters like that. If you use a prepared statement instead, you can avoid those headaches. Or you can look at the Apache StringEscapeUtils, which has an escapeSql() method.
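To make the prepared-statement advice concrete, here is an added JDBC example (my own illustration, not code from anyone in this thread). It assumes a table `COMMENTS (ID NUMBER, BODY VARCHAR2(4000))` and a JDBC URL, user and password passed on the command line; the class and method names are made up for the example. It runs the concatenated version and the bound-parameter version side by side on a comment that contains a single quote, a plus sign and an equals sign, then reads the stored value back.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example, not from the thread. Assumes a table
//   CREATE TABLE COMMENTS (ID NUMBER, BODY VARCHAR2(4000))
// and a JDBC URL/user/password supplied on the command line.
public class CommentDao {

    // Concatenated version: the comment text is spliced into the SQL.
    // A comment containing a single quote breaks the statement, and a
    // crafted comment can change what the statement does (SQL injection).
    static void insertUnsafe(Connection con, int id, String body) throws SQLException {
        String sql = "INSERT INTO COMMENTS (ID, BODY) VALUES (" + id + ", '" + body + "')";
        try (Statement st = con.createStatement()) {
            st.executeUpdate(sql);
        }
    }

    // Prepared-statement version: the SQL text is fixed; the comment travels
    // as a bound parameter, so quotes, plus signs and equals signs are stored
    // literally and can never be parsed as part of the statement.
    static void insertSafe(Connection con, int id, String body) throws SQLException {
        String sql = "INSERT INTO COMMENTS (ID, BODY) VALUES (?, ?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, id);
            ps.setString(2, body);
            ps.executeUpdate();
        }
    }

    // Reads a comment back so the caller can confirm what was stored.
    static String readBody(Connection con, int id) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement("SELECT BODY FROM COMMENTS WHERE ID = ?")) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Usage: java CommentDao <jdbcUrl> <user> <password>
        String comment = "O'Brien wrote: 1 + 1 = 2";   // constructed sample input
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            try {
                insertUnsafe(con, 1, comment);
            } catch (SQLException e) {
                // The unbalanced quote makes the concatenated SQL invalid.
                System.out.println("Concatenated SQL failed on the quote: " + e.getMessage());
            }
            insertSafe(con, 2, comment);
            // Prints the comment exactly as entered, single quote included.
            System.out.println("Stored via prepared statement: " + readBody(con, 2));
        }
    }
}
```

The single quote, `+` and `=` are stored exactly as typed by the bound-parameter insert, with no escaping of your own and nothing to decode when you read the row back; the driver never lets the comment text reach the SQL parser.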
 
D Wynn
Ranch Hand
Posts: 38
I looked at that but will that allow me to store that single quote on the database?...
 
Rancher
Posts: 43081
I would advise doing anything that makes the input acceptable to the DB on the server. Not everybody has JavaScript enabled, and in any case client-side checks can be circumvented easily by malicious users. You should also read up on "SQL injection", and make sure that your application is not susceptible to it. Basically, any user input that finds its way into the DB should be treated with suspicion, and be verified. The Security FAQ has some links to articles on this.
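As an added illustration of the server-side check being recommended here (my own example, not code from anyone in the thread), this is a validator for the comments field that a servlet or action class would call before binding the value to a prepared statement. The 4000-character limit is an assumption matching a VARCHAR2(4000) column, and the class name is made up. The point it demonstrates is that the server-side check enforces length and rejects control characters, but does not ban quotes, plus signs or equals signs, because a bound parameter stores those safely.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not from the thread. Server-side checks for the comment
// field; runs before the value is bound as a PreparedStatement parameter.
public final class CommentValidator {

    // Assumed limit: matches a VARCHAR2(4000) column.
    static final int MAX_LENGTH = 4000;

    // Returns an empty list when the comment is acceptable, otherwise the
    // reasons it was rejected. Quotes, '+' and '=' are deliberately allowed:
    // a bound parameter stores them safely, so there is no need to ban them.
    static List<String> validate(String raw) {
        List<String> problems = new ArrayList<>();
        if (raw == null) {
            problems.add("comment is missing");
            return problems;
        }
        String comment = raw.trim();
        if (comment.isEmpty()) {
            problems.add("comment is empty");
        }
        if (comment.length() > MAX_LENGTH) {
            problems.add("comment exceeds " + MAX_LENGTH + " characters");
        }
        // Control characters other than tab/newline have no business in a
        // comment and can confuse log viewers or downstream parsers.
        for (int i = 0; i < comment.length(); i++) {
            char c = comment.charAt(i);
            if (Character.isISOControl(c) && c != '\n' && c != '\r' && c != '\t') {
                problems.add("comment contains a control character at position " + i);
                break;
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed inputs: the first is the kind of text the thread worries about,
        // and it is accepted; the other two are rejected for real reasons.
        String[] samples = {
            "O'Brien said: 1 + 1 = 2",
            "   ",
            "bad\u0000byte"
        };
        for (String s : samples) {
            List<String> problems = validate(s);
            System.out.println(problems.isEmpty() ? "ACCEPT: " + s : "REJECT: " + problems);
        }
    }
}
```

Because this runs on the server, it holds whether or not the browser has JavaScript enabled or the form was submitted by a script instead of a person; the JavaScript check, if you keep one, becomes a convenience for users rather than the thing the database relies on.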
 