escaping and sql injection - Mailing list pgsql-general

Is there any links for escaping characters and sql injection prevention in postgres?

I have read where the ' character is not really the preferred escaping character, but it does seem
to be the one I've seen for postgres.

Can multiple statements be issued in postgres, like:

'select count(*) from MyTable; drop MyTable;'