str for use within an SQL command (to avoid SQL injection attacks).
Note that the returned value still needs to be enclosed in single quotes before being used in an SQL statement.
a server provider.
a Connection object, or
a string to escape
a new string suitable to use in SQL statements