> The string (RFC type 'text') should be escaped before being added to the concatenation buffer. I'll take a look and see if it's fixed in later versions.

maybe the entire attribute value data is copied
but when sql_escape_func from rlm_sql module is called it stops on the first NUL byte in it, so maybe the escaping fails?