PostgreSQL injection with basic sanitization


I’m trying to figure out if an SQLi for the following PostgreSQL/Java code exists.

public void availableItems(String name) {   return this.query("SELECT * FROM items WHERE name='"+name+"'"); } 

Assuming that in the name is sanitizing space, apostrophe and semicolon. Is it possible to make a SQLi work with this restrictions? my gut feeling tell me that I could but I’m a bit lost.