Bug in sql escaping in apr_dbd_sqlite2 and apr_dbd_sqlite3

[Ronen Mizrahi]

*The following code (used both in apr_dbd_sqlite2.c and in apr_dbd_sqlite3.c) 
in order to escaqpe SQL strings is incorrect.
When the % charcater appears in the arg it is misniterpreted of-course and can 
have far reaching side effects.
The proper solution is listed below as well.

INCORRECT:
static* *const* *char* **dbd_sqlite3_escape*(apr_pool_t *pool, *const* *char* 
*arg,
                                     apr_dbd_t *sql)
{
   *char* *ret = sqlite3_mprintf(arg);
   apr_pool_cleanup_register(pool, ret, (*void* *) sqlite3_free,
                             apr_pool_cleanup_null);
   *return* ret;
}


*CORRECT:
static* *const* *char* **dbd_sqlite3_escape*(apr_pool_t *pool, *const* *char* 
*arg,
                                     apr_dbd_t *sql)
{
   *char* *ret = sqlite3_mprintf("%q", arg);
   apr_pool_cleanup_register(pool, ret, (*void* *) sqlite3_free,
                             apr_pool_cleanup_null);
   *return* ret;
}