Escaping SQLite Strings
To escape a string for use in an SQLite query, use the sqlite_escape_string() function or the SQLite3 method $db->escapeString().
With my default Ubuntu setup, I run stripslashes() on my $_POST or $_GET values before I run sqlite_escape_string() on them, because single quotes and probably double quotes are already escaped.
You could probably change this with the magic quotes variable in your php.ini or something like that, but I don't know offhand.
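The double-escaping problem described above, as an added example (not the page author's code): input that already carries magic-quote backslashes is stored with those backslashes unless stripslashes() runs before escapeString(). The `people` table, the `sqlite_quote()` helper and the sample value are assumptions; addslashes() stands in for the magic quotes setting so the script runs without it.

```php
<?php
// Added example. Table name, helper name and sample value are hypothetical.

// Constructed input: what a $_POST value looks like after magic quotes
// have run, simulated with addslashes() (adds \ before ' " \ and NUL).
$raw      = "O'Brien said \"hi\"";
$fromPost = addslashes($raw);            // O\'Brien said \"hi\"

$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE people (label TEXT, name TEXT)');

// Hypothetical helper: remove magic-quote backslashes only when they were
// added, then apply SQLite's own escaping (single quotes are doubled).
function sqlite_quote(SQLite3 $db, string $value, bool $magicQuoted): string
{
    if ($magicQuoted) {
        $value = stripslashes($value);
    }
    return "'" . $db->escapeString($value) . "'";
}

// escapeString() alone: SQLite does not treat \ as an escape character,
// so the backslashes become part of the stored data.
$db->exec("INSERT INTO people VALUES ('no_strip', '"
    . $db->escapeString($fromPost) . "')");

// stripslashes() first, then escapeString(): the original text is stored.
$db->exec("INSERT INTO people VALUES ('strip', "
    . sqlite_quote($db, $fromPost, true) . ")");

// Print both rows to compare what actually reached the database.
$res = $db->query('SELECT label, name FROM people ORDER BY rowid');
while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
    printf("%-9s %s\n", $row['label'], $row['name']);
}

// The stripped row must round-trip to the original value; the other must not.
$stored = $db->querySingle("SELECT name FROM people WHERE label = 'strip'");
var_dump($stored === $raw);
$stored = $db->querySingle("SELECT name FROM people WHERE label = 'no_strip'");
var_dump($stored === $raw);
```

Pass `false` for `$magicQuoted` when the input was not slash-escaped, otherwise stripslashes() removes backslashes that belong to the data.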