sql_escape_binary() solution
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index b29e279..15c220b 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -541,12 +541,16 @@ class dbal
* Function for validating values
* @access private
*/
- function _sql_validate_value($var)
+ function _sql_validate_value($var, $is_binary = false)
{
if (is_null($var))
{
return 'NULL';
}
+ else if (is_string($var) && $is_binary)
+ {
+ return $this->sql_escape_binary($var);
+ }
else if (is_string($var))
{
return "'" . $this->sql_escape($var) . "'";
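Review bot: The new `$is_binary` branch calls `$this->sql_escape_binary()`, but this diff defines that method only in the postgres and sqlite drivers. Unless the base class or the remaining drivers define it elsewhere, a binary value on any other backend ends in a fatal error instead of an escaped literal. The docblock should also record the new parameter and its different contract, for example `@param bool $is_binary When true, string values go through sql_escape_binary(), which returns an already-quoted literal`. The body of _sql_validate_value continues past the end of this hunk.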
diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php
index 959d8df..061fe2c 100644
--- a/phpBB/includes/db/postgres.php
+++ b/phpBB/includes/db/postgres.php
@@ -380,6 +380,15 @@ class dbal_postgres extends dbal
}
/**
+ * Escape string used in sql query
+ * Note: Do not use for bytea values if we may use them at a later stage
+ */
+ function sql_escape_binary($msg)
+ {
+ return "'" . @pg_escape_string($msg) . "'";
+ }
+
+ /**
* Build LIKE expression
* @access private
*/
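Review bot: sql_escape_binary() escapes with `pg_escape_string()`, which is a text escaper and does not encode NUL bytes or bytes that are invalid in the client encoding. Arbitrary binary input can therefore be truncated or rejected by the server even though the quoting itself holds. If the target column is bytea, `return "'" . pg_escape_bytea($msg) . "'";` is the matching escaper. If a text column is intended, the docblock should say so rather than repeat the "Escape string used in sql query" line. The `@` also hides the warning raised when no connection is available, so passing the connection handle explicitly and dropping the suppression would make failures visible.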
diff --git a/phpBB/includes/db/sqlite.php b/phpBB/includes/db/sqlite.php
index e2a9c68..5972239 100644
--- a/phpBB/includes/db/sqlite.php
+++ b/phpBB/includes/db/sqlite.php
@@ -312,6 +312,15 @@ class dbal_sqlite extends dbal
}
/**
+ * Escape binary string used in sql query
+ */
+ function sql_escape_binary($msg)
+ {
+ $binary_array = unpack('H*', $var);
+ return "x'" . $binary_array[1] . "'";
+ }
+
+ /**
* Correctly adjust LIKE expression for special characters
* For SQLite an underscore is a not-known character... this may change with SQLite3
*
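Review bot: The body of sql_escape_binary() reads `$var`, but the parameter is named `$msg`, so `unpack()` is called on an undefined variable and the method returns `x''` for every input. Each binary value written through this path would be silently replaced by an empty blob. The line should read `$binary_array = unpack('H*', $msg);`. Hex-encoding keeps the literal free of quote characters, so the approach is sound once the variable name is fixed. It is still worth confirming that the SQLite version behind this driver accepts `x'...'` blob literals.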