I've been playing around with the db_sqlite module a bit. Looking at the procs for exec() and getRow()/getAllRows() It can take an option args parameter. are these arguments automatically sanitized for me, or do I manually need to do it myself. I'd like to avoid a "Bobby Tables" incident in the app I'm writing.