eZMySQLiDB::escapeString() returns an unescaped string if no connection is made.

mysql_escape_string() can be used in this case. Although not so secure, better than no escaping at all!