Comment 5 for bug 1098377

Also, in general database devs strongly suggest using prepared statements with placeholders to avoid exactly these sorts of problems. Perhaps a longer-term approach would be to drop libdbi in favour of using libpq & PQexecParams directly?