Quote a string s so that it can safely be put in a query.
All input that is used in SQL queries should be quoted to prevent
SQL injection.
Consider this harmful code:
string my_input = "rob' OR name!='rob";
string my_query = "DELETE FROM tblUsers WHERE name='"+my_input+"'";
my_db->query(my_query);
This type of problem can be avoided by quoting my_input.
The quoted my_input would then read something like
rob\' OR name!=\'rob
Usually this is done not by calling quote explicitly, but by
using a sprintf-like syntax:
string my_input = "rob' OR name!='rob";
my_db->query("DELETE FROM tblUsers WHERE name=%s", my_input);
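An added example, not part of this documentation and not Pike code: it runs the DELETE above against an in-memory SQLite table three ways (raw concatenation, concatenation after quoting, and a bound parameter standing in for the %s form) and returns the rows that survive. SQLite escapes a quote by doubling it rather than with the backslash shown above; the table name, the quote() helper and the sample rows are constructed for the example.

```python
import sqlite3

# Constructed sample rows standing in for tblUsers.
SAMPLE_USERS = ["alice", "bob", "rob"]

def quote(s: str) -> str:
    """Escape s so it is safe inside a single-quoted SQL literal.

    SQLite (used here) doubles the quote; backends such as MySQL use the
    backslash form shown above. Either way the value can no longer close
    the literal it is placed in, so it is compared, not executed.
    """
    return s.replace("'", "''")

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUsers (name TEXT)")
    db.executemany("INSERT INTO tblUsers VALUES (?)",
                   [(u,) for u in SAMPLE_USERS])
    return db

def remaining_after_delete(how: str, my_input: str) -> list:
    """Run the DELETE with my_input and return the surviving names, sorted.

    how = "concat": raw concatenation, as in the harmful code above
    how = "quote":  concatenation after quote(), as recommended
    how = "param":  a bound parameter, the equivalent of the %s form
    """
    db = make_db()
    if how == "concat":
        db.execute("DELETE FROM tblUsers WHERE name='" + my_input + "'")
    elif how == "quote":
        db.execute("DELETE FROM tblUsers WHERE name='" + quote(my_input) + "'")
    elif how == "param":
        db.execute("DELETE FROM tblUsers WHERE name=?", (my_input,))
    else:
        raise ValueError(how)
    return sorted(name for (name,) in db.execute("SELECT name FROM tblUsers"))

if __name__ == "__main__":
    hostile = "rob' OR name!='rob"
    for how in ("concat", "quote", "param"):
        # concat empties the table; quote and param delete nothing,
        # because no user is literally named "rob' OR name!='rob".
        print(f"{how:6s} -> {remaining_after_delete(how, hostile)}")
```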