Escaping single quotes and double quotes in a string in dart

Does the database support bind parameters? If not, does the package you are using to talk to the database have a string escape function?

Those will work better than doing it manually, especially since there can be very unsafe stuff in the user input beyond quotes. If you are manually putting together a query string and sending it to the DB it will be open to SQL attacks.

For your immediate question, you are replacing with single quotes in both places. Assuming you can escape quotes by prefixing with a slash it should look like .replaceAll('"', '\\"').

Please look for a more secure way to sanitize user input.