diff --git a/reference/sqlite3/sqlite3/escapestring.xml b/reference/sqlite3/sqlite3/escapestring.xml
index 92813d5d1b..999d798e7f 100644
--- a/reference/sqlite3/sqlite3/escapestring.xml
+++ b/reference/sqlite3/sqlite3/escapestring.xml
@@ -17,6 +17,11 @@
    Returns a string that has been properly escaped for safe inclusion in an
    SQL statement.
   </para>
+  &note.not-bin-safe;
+  <para>
+   To properly handle BLOB fields which may contain NUL characters, use
+   <function>SQLite3Stmt::bindParam</function> instead.
+  </para>
  </refsect1>
 
  <refsect1 role="parameters">