On Jan 17, 2011, at 8:42 PM, Matthew Wild wrote: > LuaSQL doesn't even have a documented way > to use escape data appropriately for the target DB engine (!). Well, lets not overstate the case... while perhaps the documentation is not up-to-date... most drivers implement an escape function nonetheless... https://github.com/keplerproject/luasql/blob/master/src/ls_firebird.c#L563 https://github.com/keplerproject/luasql/blob/master/src/ls_mysql.c#L351 https://github.com/keplerproject/luasql/blob/master/src/ls_postgres.c#L373 https://github.com/keplerproject/luasql/blob/master/src/ls_sqlite.c#L500 https://github.com/keplerproject/luasql/blob/master/src/ls_sqlite3.c#L319 But yes, not as nice as a proper prepared statement. Oh, well...