Any way to avoid the SQL bugs and execute raw strings?

[Araq]

As I already said, this is a workaround:
    
    
    sql "INSERT INTO my_table (my_col) values ('my_string')", "?" # ? will be 
replaced with ?
    
    
    
    Run

But if you create SQL via string concats and also do not know if the string 
contains a question mark, you're doing it completely wrong and have no 
protection against SQL injection attacks.