--- a/src/lib-sql/driver-mysql.c	Tue May 30 18:10:30 2006 +0300
+++ b/src/lib-sql/driver-mysql.c	Wed May 31 14:02:50 2006 +0300
@@ -337,6 +337,23 @@
 	return 0;
 }
 
+static char *
+driver_mysql_escape_string(struct sql_db *_db, const char *string)
+{
+	struct mysql_db *db = (struct mysql_db *)_db;
+	const struct mysql_connection *conn;
+	size_t len = strlen(string);
+	char *to;
+
+	/* All the connections should be identical, so just use the first one */
+	conn = array_idx(&db->connections, 0);
+
+	to = t_buffer_get(len * 2 + 1);
+	len = mysql_real_escape_string(conn->mysql, to, string, len);
+	t_buffer_alloc(len + 1);
+	return to;
+}
+
 static void driver_mysql_exec(struct sql_db *_db, const char *query)
 {
 	struct mysql_db *db = (struct mysql_db *)_db;
@@ -574,6 +591,7 @@
 	_driver_mysql_deinit,
 	driver_mysql_get_flags,
         driver_mysql_connect_all,
+        driver_mysql_escape_string,
 	driver_mysql_exec,
 	driver_mysql_query,
 	driver_mysql_query_s,

--- a/src/lib-sql/driver-pgsql.c	Tue May 30 18:10:30 2006 +0300
+++ b/src/lib-sql/driver-pgsql.c	Wed May 31 14:02:50 2006 +0300
@@ -441,6 +441,22 @@
 	i_error("pgsql: sql_exec() failed: %s", last_error(db));
 }
 
+static char *driver_pgsql_escape_string(struct sql_db *_db, const char *string)
+{
+	struct pgsql_db *db = (struct pgsql_db *)_db;
+	size_t len = strlen(string);
+	char *to;
+
+	to = t_buffer_get(len * 2 + 1);
+#ifdef HAVE_PQESCAPE_STRING_CONN
+	len = PQescapeStringConn(db->pg, to, string, len, NULL);
+#else
+	len = PQescapeString(to, string, len);
+#endif
+	t_buffer_alloc(len + 1);
+	return to;
+}
+
 static void driver_pgsql_exec(struct sql_db *db, const char *query)
 {
 	struct pgsql_result *result;
@@ -758,6 +774,7 @@
 	_driver_pgsql_deinit,
         driver_pgsql_get_flags,
 	driver_pgsql_connect,
+	driver_pgsql_escape_string,
 	driver_pgsql_exec,
 	driver_pgsql_query,
 	driver_pgsql_query_s,

--- a/src/lib-sql/driver-sqlite.c	Tue May 30 18:10:30 2006 +0300
+++ b/src/lib-sql/driver-sqlite.c	Wed May 31 14:02:50 2006 +0300
@@ -2,6 +2,7 @@
 
 #include "lib.h"
 #include "str.h"
+#include "strescape.h"
 #include "sql-api-private.h"
 
 #ifdef BUILD_SQLITE
@@ -88,6 +89,12 @@
 	return SQL_DB_FLAG_BLOCKING;
 }
 
+static char *driver_sqlite_escape_string(struct sql_db *_db __attr_unused__,
+					 const char *string)
+{
+	return t_strdup_noconst(str_escape(string));
+}
+
 static void driver_sqlite_exec(struct sql_db *_db, const char *query)
 {
 	struct sqlite_db *db = (struct sqlite_db *)_db;
@@ -338,6 +345,7 @@
 	_driver_sqlite_deinit,
 	driver_sqlite_get_flags,
 	driver_sqlite_connect,
+	driver_sqlite_escape_string,
 	driver_sqlite_exec,
 	driver_sqlite_query,
 	driver_sqlite_query_s,

--- a/src/lib-sql/sql-api-private.h	Tue May 30 18:10:30 2006 +0300
+++ b/src/lib-sql/sql-api-private.h	Wed May 31 14:02:50 2006 +0300
@@ -12,6 +12,7 @@
 	enum sql_db_flags (*get_flags)(struct sql_db *db);
 
 	int (*connect)(struct sql_db *db);
+	char *(*escape_string)(struct sql_db *db, const char *string);
 	void (*exec)(struct sql_db *db, const char *query);
 	void (*query)(struct sql_db *db, const char *query,
 		      sql_query_callback_t *callback, void *context);

--- a/src/lib-sql/sql-api.c	Tue May 30 18:10:30 2006 +0300
+++ b/src/lib-sql/sql-api.c	Wed May 31 14:02:50 2006 +0300
@@ -66,6 +66,11 @@
 	return db->connect(db);
 }
 
+char *sql_escape_string(struct sql_db *db, const char *string)
+{
+	return db->escape_string(db, string);
+}
+
 void sql_exec(struct sql_db *db, const char *query)
 {
 	db->exec(db, query);

--- a/src/lib-sql/sql-api.h	Tue May 30 18:10:30 2006 +0300
+++ b/src/lib-sql/sql-api.h	Wed May 31 14:02:50 2006 +0300
@@ -37,6 +37,9 @@
    1 if we are fully connected now. */
 int sql_connect(struct sql_db *db);
 
+/* Escape the given string if needed and return it. */
+char *sql_escape_string(struct sql_db *db, const char *string);
+
 /* Execute SQL query without waiting for results. */
 void sql_exec(struct sql_db *db, const char *query);
 /* Execute SQL query and return result in callback. */