But no, seriously, you should be using a library or something that sanitizes your SQL queries for you. If you aren't constructing the query string yourself, you should be okay.