[patch attached] SQL queries not being escaped
|Reported by:||dexen deVries||Owned by:||Brett Smith|
When you enter a character which is special to SQLite into input field (comment, but also username), like a single quote, the resulting query is invalid. This may also lead to SQL injection. Attached patch attempts to fix it.