+ /* We found a place to substitute..what fun.
+ * use sqlite calls to escape and write the
+ * escaped string onto the end of our query buffer,
+ * then we "just" need to make sure queryend is
+ * pointing at the right place.
+ */
+
+ /* Is it numbered parameter?
+ */
+
+ bool numbered;
+ numbered = false;
+
+ /* Numbered parameter number :|
+ */
+ unsigned int paramnum;
+ paramnum = 0;
+
+ /* Let's check if it's a numbered param. And also calculate it's number.
+ */
+
+ while ((i < req.query.q.length() - 1) && (req.query.q[i+1] >= '0') && (req.query.q[i+1] <= '9'))
+ {
+ numbered = true;
+ ++i;
+ paramnum = paramnum * 10 + req.query.q[i] - '0';
+ }
+
+ if (paramnum > paramscopy.size() - 1)
+ {
+ /* index is out of range!
+ */
+ numbered = false;
+ }
+
+
+ if (numbered)
+ {
+ char* escaped;
+ escaped = sqlite3_mprintf("%q", paramscopy[paramnum].c_str());
+ for (char* n = escaped; *n; n++)
+ {
+ *queryend = *n;
+ queryend++;
+ }
+ sqlite3_free(escaped);
+ }
+ else if (req.query.p.size())