It would be very useful for those who using sqlite3 CLI program as a mechanism/frontend/TUI to access databases. As of now users of *sqlite3* CLI/shell should take care about supplied data from external resources and be responsible for data sanitation to prevent SQL injection. Current .dot command "**.parameter set**" is not true key/value binding feature that can be used as a mechanism to prevent SQL injection, that's why I suggesting to implement new .dot command. Proposal is to implement new .dot command **`.parameter bind KEY VALUE`** , where **`VALUE`** can be anything, including un-escaped quotes, so it can be safely used later in prepared statements. To avoid "escaping hell" with supplied **VALUE**, I suggest to accept **VALUE** as raw bytes content on the right side of command, after first space that follows **KEY** and up to the end of line or up to first 0x00 byte. If it going to be implemented, it will be also very useful, if **`VALUE`** in the proposed .dot command will support **`.read`** command, that can be distinct from proposed one as: **`.parameter bindfile KEY FILE`** or **`.parameter bindblob KEY FILE`** by utilizing existing code of **`.read`** command.