darkrock / ferite-modules

Extra modules for the ferite programming language
http://www.ferite.org

bugger in parameterized queries #2

Open XULRunner42 opened 13 years ago

XULRunner42 commented 13 years ago

res = dbh.query("INSERT INTO testtable (testrecord1, testrecord2)" + " VALUES (?, ?)", "string %' ' ' ' '", 'zxcvqwer');

is expected to work, but the single quote causes an error. Still an error if you use dbh.quote("string ' % '") for the parameter, which you shouldn't have to do anyway.

Error returned from errstr() looked like 1: near "zxcvqwer": syntax error

XULRunner42 commented 13 years ago

https://github.com/XULRunner42/ferite-modules/commits/quoteparam

There are a couple of steps toward debugging here: sanity checking that ferite_quote_internal actually does what you think (strings come out with escape characters in them), and a single example to blow up the query engine.
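An added illustration of both comments above, not code from ferite-modules: a model of a placeholder layer that wraps each value in quotes without escaping them, which fails on the reported input, beside a quoter that doubles embedded quotes (the property the second comment wants checked in ferite_quote_internal) and real parameter binding, which both succeed. It assumes the backend is SQLite (the quoted errstr() text has SQLite's shape) and uses Python's standard sqlite3 module; the table and values are constructed to mirror the report.

```python
import sqlite3

# Constructed inputs mirroring the issue report (table name and values are illustrative).
SQL = "INSERT INTO testtable (testrecord1, testrecord2) VALUES (?, ?)"
PARAMS = ("string %' ' ' ' '", "zxcvqwer")


def _fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE testtable (testrecord1 TEXT, testrecord2 TEXT)")
    return conn


def naive_quote(value):
    """Buggy quoter: wraps in quotes, leaves embedded quotes untouched."""
    return "'" + value + "'"


def quote_literal(value):
    """Correct SQL string literal: every embedded single quote is doubled."""
    return "'" + value.replace("'", "''") + "'"


def substitute(sql, params, quote):
    """Replace each '?' placeholder in order with quote(value).

    Splitting on '?' first means a '?' inside a value is never re-scanned."""
    parts = sql.split("?")
    if len(parts) != len(params) + 1:
        raise ValueError("placeholder/parameter count mismatch")
    out = parts[0]
    for value, rest in zip(params, parts[1:]):
        out += quote(value) + rest
    return out


def run(sql, params=()):
    """Execute on a fresh in-memory DB; return ('ok', rows) or ('error', message)."""
    conn = _fresh_db()
    try:
        conn.execute(sql, params)
        return "ok", conn.execute("SELECT * FROM testtable").fetchall()
    except sqlite3.Error as exc:
        return "error", str(exc)
    finally:
        conn.close()


if __name__ == "__main__":
    print(run(substitute(SQL, PARAMS, naive_quote)))     # ('error', ...syntax error)
    print(run(substitute(SQL, PARAMS, quote_literal)))   # ('ok', [row])
    print(run(SQL, PARAMS))                              # ('ok', [row]) via binding
```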