(skipping the MVC part, and reverting to the original question)
Additionally, how would I use the prepared statement to fix the problem of things like apostrophes?
Moojid has pointed you to the right approach.
If you create an SQL statement with PreparedStatement, you bind your values to the query, instead of inserting them.
Magically, all your apostrophe problems are gone. No escapes hassle or anything.
It's not difficult. Give it a try.
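The binding described in the reply above, as an added example that is not part of the original post: the same value with an apostrophe is first concatenated into the SQL text, then bound with `PreparedStatement`. The `customer` table, its columns, and the in-memory H2 JDBC URL are assumptions made for the illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ApostropheDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: the H2 driver is on the classpath; any JDBC URL works the same way.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement ddl = con.createStatement()) {
                ddl.execute("CREATE TABLE customer (id INT PRIMARY KEY, last_name VARCHAR(64))");
            }
            String name = "O'Brien"; // constructed sample input

            // Concatenation: the apostrophe closes the string literal early,
            // so the value becomes part of the SQL text and the statement fails.
            String concatenated =
                "INSERT INTO customer (id, last_name) VALUES (1, '" + name + "')";
            try (Statement st = con.createStatement()) {
                st.executeUpdate(concatenated);
            } catch (SQLException e) {
                System.out.println("Concatenated statement rejected: " + e.getMessage());
            }

            // Binding: the SQL text contains only placeholders; the driver sends
            // the value separately, so no escaping of the apostrophe is needed.
            String insert = "INSERT INTO customer (id, last_name) VALUES (?, ?)";
            try (PreparedStatement ps = con.prepareStatement(insert)) {
                ps.setInt(1, 1);
                ps.setString(2, name);
                ps.executeUpdate();
            }

            String select = "SELECT id, last_name FROM customer WHERE last_name = ?";
            try (PreparedStatement ps = con.prepareStatement(select)) {
                ps.setString(1, name);
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        System.out.println(rs.getInt("id") + " " + rs.getString("last_name"));
                    }
                }
            }
        }
    }
}
```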