Tor Erik Soenvisen <toreriks at hotmail.com> writes:

> # Protect against SQL injection by escaping quotes

Don't ever do that, safe or not. Use query parameters instead. That's what they're for.
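
An added example, not part of the original post, of the query parameters the reply recommends. It assumes Python's sqlite3 module as the driver; the table, sample rows and function names are constructed for illustration. It contrasts quote escaping with a bound parameter for a value used in a numeric context, where there are no quotes to escape.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("O'Brien",), ("bob",)])
    return db

def escape_quotes(value):
    # The hand-rolled approach from the quoted comment: double single quotes.
    return str(value).replace("'", "''")

def find_by_id_escaped(db, user_id):
    # Escaping changes nothing here: the value is not inside a quoted
    # string, so whatever it contains is parsed as part of the statement.
    sql = "SELECT name FROM users WHERE id = %s" % escape_quotes(user_id)
    return [row[0] for row in db.execute(sql)]

def find_by_id_param(db, user_id):
    # The driver binds the value separately; it is never parsed as SQL.
    cur = db.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in cur]

def find_by_name_param(db, name):
    # Quotes in the data need no special handling when bound.
    cur = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    untrusted = "0 OR 1=1"  # constructed input
    print("escaped:", find_by_id_escaped(db, untrusted))
    print("bound:  ", find_by_id_param(db, untrusted))
    print("by name:", find_by_name_param(db, "O'Brien"))
```
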