
Quotation error on SQL query

yokzu


13y
Hello,
I'm using a form program that connects to an Access DB. It is working normally. But when I use " ' " in the SQL query, I get:

Syntax error in string in query expression 'na'me'.

I think this is an SQL injection problem, but I don't know how to solve it.

...
 while (dongu < satir_sayisi)
 {
     string query = "SELECT * FROM name WHERE name='" + str[dongu] + "\'";
     OleDbCommand komut = new OleDbCommand(query, conn);
     OleDbDataReader rdr;  // ---> error on this line
     rdr = komut.ExecuteReader();
...
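
An added example, not part of the original post or of the thread's answers: the same lookup with the value passed as an OleDb parameter, so a quote in `str[dongu]` is sent as data and can no longer end the string literal. The connection string, the `CountMatches` helper and the sample values are assumptions made for illustration; the table and column names come from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

static class NameLookup
{
    // Assumption: provider and file path are placeholders, not from the post.
    const string ConnStr =
        @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\sample.accdb";

    // Hypothetical helper: returns the number of matching rows per input value.
    static List<int> CountMatches(OleDbConnection conn, IEnumerable<string> values)
    {
        var counts = new List<int>();
        // The SQL text is constant. OleDb parameters are positional and marked
        // with '?'; the parameter name below is only a label.
        using (var komut = new OleDbCommand("SELECT * FROM name WHERE name = ?", conn))
        {
            OleDbParameter p = komut.Parameters.Add("@name", OleDbType.VarWChar, 255);
            foreach (string value in values)
            {
                // The value travels separately from the SQL text, so no
                // quoting or escaping of ' is needed (or wanted).
                p.Value = (object)value ?? DBNull.Value;
                int rows = 0;
                using (OleDbDataReader rdr = komut.ExecuteReader())
                {
                    while (rdr.Read()) rows++;
                }
                counts.Add(rows);
            }
        }
        return counts;
    }

    static void Main()
    {
        // Constructed sample input, including the value from the error message.
        string[] str = { "name", "na'me", "O'Brien" };
        using (var conn = new OleDbConnection(ConnStr))
        {
            conn.Open();
            List<int> counts = CountMatches(conn, str);
            for (int i = 0; i < str.Length; i++)
                Console.WriteLine("{0} -> {1} row(s)", str[i], counts[i]);
        }
    }
}
```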
