quote strings passed to sql

Juan Bernhard juan at inti.gob.ar
Mon Feb 2 17:07:24 UTC 2015


Hello list. I'm thinking of migrating the whole user db from system users
to mysql. I already did it in a test environment, but something is
annoying my OCD... I don't quote the variables username and password
sent to the mysql server. I know, the mysql user that dovecot uses only
has select rights, but it still bothers me, because it's possible to do
a useless sql code injection.

Is there a way to quote that? Something like exim's quote_mysql?



Saludos, Juan.

