Like Davey said, in sqlplus, you can use set define off
Otherwise, you can use '\' character to escape.
insert into test_table values ('C\&G');
Doesn't work for me
SQL> create table g (col1 varchar2(30));
SQL> insert into g values ('C\&G');
Enter value for g: ?
old 1: insert into g values ('C\&G')
new 1: insert into g values ('C\?')
1 row created.
SQL> select * from g;
Substitution variables are a SQL*Plus feature, although other tools such as TOAD and PL/SQL Developer may implement something similar.
In SQL*Plus the '&' character is just the default but can be set to anything you like, or the feature can be disabled as mentioned above. Similarly an escape character can be defined using SET ESCAPE, '\' being the default character.
Outside of tools that provide a substitution variable syntax, the '&' character has no special meaning in SQL or PL/SQL.