Well until the next update I've been using this as a work around.
PHP Code:
function sqlescape(str) {
if (str.pos("'") >= 0) {
temp.result = str.escape().tokenize("\\\'");;
for (temp.piece: result)
temp.nresult @= piece @ "''";
return temp.nresult.substring(0,nresult.length() - 2);
}
else return str.escape();
}
As well as format2 to accomplish that "parameterized query" request.