Special characters (especially ', ", etc.) should be properly escaped before they are used in a DB query. The main reason for this is to prevent syntax errors during query execution and problems with SQL injection.
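Both effects named above can be reproduced with a few lines. This is an added example, not code from the original page; it assumes SQLite via Python's `sqlite3` module, and the table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def escape_literal(value: str) -> str:
    # Standard SQL (and SQLite) escape a single quote inside a quoted
    # literal by doubling it. Other engines may need additional rules.
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("O'Brien", "staff"), ("alice", "admin")])
    return db

def find_unescaped(db, name):
    # Raw concatenation: quotes in the value become part of the SQL syntax.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_escaped(db, name):
    # Same query, with the value escaped before it enters the literal.
    sql = "SELECT name FROM users WHERE name = '" + escape_literal(name) + "'"
    return db.execute(sql).fetchall()

def find_bound(db, name):
    # Parameter binding: the value never becomes part of the SQL text,
    # so no manual escaping is needed.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def demo() -> dict:
    db = make_db()
    results = {}
    try:
        find_unescaped(db, "O'Brien")          # legitimate name, broken query
    except sqlite3.OperationalError as exc:
        results["syntax_error"] = str(exc)
    crafted = "x' OR '1'='1"                   # constructed test input
    results["unescaped_rows"] = len(find_unescaped(db, crafted))
    results["escaped_rows"] = len(find_escaped(db, crafted))
    results["escaped_obrien"] = find_escaped(db, "O'Brien")
    results["bound_obrien"] = find_bound(db, "O'Brien")
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

The unescaped query fails outright on a legitimate name and returns every row for the crafted value; the escaped and bound queries treat both inputs as plain data.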