Preparing SQLite SQL statements in PHP
You don't escape the entire query. You escape unsafe data you're inserting into the query, e.g.
$unsafe = $_GET['nastyvar'];$safe = SQLite3::escapeString($unsafe);$sql = "INSERT INTO table (field) VALUES ($safe);";echo ($sql);