The compromised US Treasury Department system used PHP's pg_escape_string method to sanitize user input into a safe form. pg_escape_string internally calls PQescapeStringInternal, which actually ...