I am working on a project that using sqlite and we are trying to escape the special characters which might lead to the Sql injections. I made a research and I found that the escape schema is different per the database engine (e.g. sqlite is different from MySql). And I found out that in case of sqlite we need to escape only a ' (single quote) by just adding another single quote. but I have tried also to use " instead of ' and seems that the " should be escaped by adding another ". => So could anyone confirm my previous information? also please highlight if other characters need to be escaped?