> Yep, I agree. Furthermore, (un)escape routines will consume so much
> system CPU. If you can, try to use parameters (pg_query_params() and
> pg_send_params()) in any bytea/lo storage. This makes you free from
> escaping without any potential SQL Injection threats.
PostgreSQL prepared statements don't escape bytea afaik
Chris