Could somebody either point me to an article or explain what precautions should be taken to prevent SQL injection in Zope.  If user entered form data is passed to a ZSQL method does something automajically db escape the data or is the programmer responsible for doing this.  If the programmer is responsible, how is it done in Zope?  Thanks!