[patch attached] SQL queries not being escaped
| Reported by: | dexen | Owned by: | tanktarta |
When you enter a character which is special to SQLite into an input field (comment, but also username), like a single quote, the resulting query is invalid. This may also lead to SQL injection. The attached patch attempts to fix it.
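The failure described in this ticket, reproduced as an added example against an in-memory SQLite database; it is not code from the project or from the attached patch. The `comments` table, its columns, the function names and the sample values are assumptions made for illustration, and Python's `sqlite3` module is used because the page does not show the project's own code.

```python
import sqlite3

def make_db():
    # Hypothetical schema standing in for the application's comment table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (username TEXT, body TEXT)")
    return db

def insert_concat(db, username, body):
    # "Before": user input is spliced into the SQL text, so a single quote
    # in either field ends the string literal early.
    sql = ("INSERT INTO comments (username, body) "
           "VALUES ('%s', '%s')" % (username, body))
    db.execute(sql)

def insert_bound(db, username, body):
    # "After": values travel as bound parameters and are never parsed as SQL.
    db.execute("INSERT INTO comments (username, body) VALUES (?, ?)",
               (username, body))

def try_insert(insert_fn, username, body):
    """Run one insert on a fresh database; return the outcome and stored rows."""
    db = make_db()
    try:
        insert_fn(db, username, body)
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)
    rows = db.execute(
        "SELECT username, body FROM comments ORDER BY rowid").fetchall()
    return ("ok", rows)

# Constructed sample inputs.
QUOTED = "it's great"               # ordinary text containing a quote
STRUCTURAL = "x'), ('mallory', 'y"  # text that reshapes the statement

if __name__ == "__main__":
    for fn in (insert_concat, insert_bound):
        for body in (QUOTED, STRUCTURAL):
            print(fn.__name__, repr(body), try_insert(fn, "alice", body))
```

With the concatenated query, the first input produces the invalid statement the ticket reports, and the second is accepted but stored as two rows, one under a username the submitter chose. With bound parameters, both are stored verbatim as a single comment.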