--- /dev/null
+diff -urN proftpd-1.2.5rc1/contrib/mod_sql_postgres.c proftpd-1.2.5rc1-debian/contrib/mod_sql_postgres.c
+--- proftpd-1.2.5rc1/contrib/mod_sql_postgres.c 2003-06-19 15:32:52.000000000 +0200
++++ proftpd-1.2.5rc1-debian/contrib/mod_sql_postgres.c 2003-06-19 15:38:14.000000000 +0200
+@@ -1088,6 +1088,8 @@
+ {
+ conn_entry_t *entry = NULL;
+ db_conn_t *conn = NULL;
++ char *unescaped = NULL;
++ char *escaped = NULL;
+
+ log_debug(DEBUG_FUNC, _MOD_VERSION ": entering \tcmd_escapestring");
+
+@@ -1108,9 +1110,17 @@
+ conn = (db_conn_t *) entry->data;
+
+ /* PostgreSQL has no way to escape strings internally */
++ /* Note: the PQescapeString() function appeared in the C API as of
++ * Postgres-7.2.
++ */
++ unescaped = cmd->argv[1];
++ escaped = (char *) pcalloc(cmd->tmp_pool, sizeof(char) *
++ (strlen(unescaped) * 2) + 1);
++
++ PQescapeString(escaped, unescaped, strlen(unescaped));
+
+ log_debug(DEBUG_FUNC, _MOD_VERSION ": exiting \tcmd_escapestring");
+- return mod_create_data(cmd, (void *) cmd->argv[1]);
++ return mod_create_data(cmd, (void *) escaped );
+ }
+
+ /*
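Review bot: The added `PQescapeString(escaped, unescaped, strlen(unescaped));` escapes without reference to the connection, so it cannot take the client encoding into account, and with a multibyte encoding the result may not be safe inside a quoted SQL literal. Where the libpq in use provides it, the connection-aware form is preferable, with its error flag checked before the result is returned: `PQescapeStringConn(<PGconn handle held in conn>, escaped, unescaped, strlen(unescaped), &err);`. The retained comment `/* PostgreSQL has no way to escape strings internally */` now contradicts the code and should be dropped in favour of the new 7.2 note. The allocation size is correct only because `sizeof(char)` is 1, since the `+ 1` sits outside the multiplication; `pcalloc(cmd->tmp_pool, (strlen(unescaped) * 2) + 1)` states the intent directly. The function starts in the previous hunk and the lines between the two hunks are not shown, so it is worth confirming there that `cmd->argv[1]` is validated before `strlen()` reads it.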