MySQL (nonstandardly) allows you to use double-quotes as delimiters of string literals:

SELECT * FROM Accounts WHERE first_name = "Mel"

You would run into trouble if you interpolated content into your SQL string literal, and your content contained double-quotes:

SELECT * FROM Articles WHERE description = "She said, "Murder"!"

This can be a simple accident, and this probably just causes a syntax error. But attackers can also exploit this cleverly to make your queries do something you didn’t intend.

UPDATE Accounts SET PASSWORD = "..." WHERE account_name = "Mel" OR "X"="X"

This could happen if the attacker claims their account name is Mel" OR "X"="X and this is called SQL Injection.

But if you escape the double-quotes in the content, you can defeat their mischief:

UPDATE Accounts SET PASSWORD = "..." WHERE account_name = "Mel\" OR \"X\"=\"X"

However, it’s simpler to use query parameters, so you ensure that content is separate from SQL code, and can never result in unintended expressions:

UPDATE Accounts SET PASSWORD = ? WHERE account_name = ?

Parameters allow you to prepare a query with placeholders, and then provide dynamic content for each placeholder when you execute. For example in PHP with PDO:

$sql = "UPDATE Accounts SET PASSWORD = ? WHERE account_name = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute( array("...", "Mel") );

See my presentation SQL Injection Myths and Fallacies for lots more information.