> What's the proper way to ensure that ' characters are properly quoted but
> don't show up in the output?

Honestly, we use the SQLite .NET managed driver and pass all data in via
parameters, therefore we have no escape issues and, more importantly, no SQL
injection woes. If you're taking data right off the string and passing it
into SQLite, I could probably enter some text that wipes out all of your
data. Consider parameters; they solve a whole bunch of problems.
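
The following is an added example, not part of the original reply. It contrasts string-built SQL with bound parameters using Python's built-in sqlite3 module rather than the .NET driver mentioned above; the table, function names and input values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT)")
    db.executemany("INSERT INTO people (name) VALUES (?)",
                   [("Alice",), ("Bob",)])
    return db

def insert_concat(db, name):
    # String-built SQL: the value becomes part of the statement text,
    # so an apostrophe in it terminates the string literal early.
    db.execute("INSERT INTO people (name) VALUES ('" + name + "')")

def insert_param(db, name):
    # Bound parameter: the value never passes through the SQL parser.
    db.execute("INSERT INTO people (name) VALUES (?)", (name,))

def delete_concat(db, name):
    cur = db.execute("DELETE FROM people WHERE name = '" + name + "'")
    return cur.rowcount

def delete_param(db, name):
    cur = db.execute("DELETE FROM people WHERE name = ?", (name,))
    return cur.rowcount

def names(db):
    return [row[0] for row in db.execute("SELECT name FROM people ORDER BY rowid")]

def demo():
    results = {}
    db = make_db()
    try:
        insert_concat(db, "O'Brien")
        results["concat_insert"] = "ok"
    except sqlite3.OperationalError:
        results["concat_insert"] = "error"   # syntax error near "Brien"
    insert_param(db, "O'Brien")
    results["stored"] = names(db)[-1]        # apostrophe kept, no escaping
    crafted = "x' OR '1'='1"                 # constructed input with a quote
    results["param_deleted"] = delete_param(db, crafted)    # matched literally
    results["concat_deleted"] = delete_concat(db, crafted)  # WHERE always true
    return results

if __name__ == "__main__":
    print(demo())
```

With a bound parameter the apostrophe is stored and returned exactly as entered, so no escape characters need to be added or stripped from the output.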
