There are a few characters and words you need to escape while using Sitecore query. You can escape special characters wrapping them in a #. For example a hyphen in a query needs to be escaped.
string query = "/sitecore/content//*[@#site-title#=’Example Value’]";
In the previous example we use the single quote (‘) to wrap the field value. Using a single quote in the field value will break the parser. At this point you can use an escaped double quote to wrap the field value containing the single quote.
string query = "/sitecore/content//*[@#site-title#=<strong>"</strong>It’s great<strong>"</strong>]";
There is also a list of words that needs to escaped when used in the path (before //*), there words are :
string query = "/sitecore/content/#this or that#/*[@#site-title#="Example Value"];
More information about the Sitecore Query Syntax on SDN: