Hi Stas,
What happens when, with your patch, you try to pass an array as a query parameter? ($1, etc) I suspect the correct thing to do would be to return T as a second value from to-sql-string (which indicates that the string should be escaped when put into a query), rather than putting quotes into the returned string. Also, do you know what the correct syntax is when the array contains a string containing a single quote? I suspect it should be escaped, which will also be handled by returning a second t value. If you could test this for me, I'd be thankful.
Cheers, Marijn