Index: django/core/db/backends/postgresql.py
===================================================================
--- django/core/db/backends/postgresql.py	(revision 1524)
+++ django/core/db/backends/postgresql.py	(working copy)
@@ -53,6 +53,17 @@
         if name.startswith('"') and name.endswith('"'):
             return name # Quoting once is enough.
         return '"%s"' % name
+
+    def escapechars(self,rawstring):
+        "Escapes dangerous characters from SQL in a backend-specific way"
+        # important to process backslashes first, otherwise characters are substituted twice!
+        cookedstring = rawstring.replace('\\','\\\\')
+        cookedstring = rawstring.replace("'","''")
+        cookedstring = rawstring.replace('"','\"')
+        cookedstring = rawstring.replace('*','\*')
+        cookedstring = rawstring.replace('_','\_')
+        cookedstring = rawstring.replace(';','\;')
+        return cookedstring
 
 def dictfetchone(cursor):
     "Returns a row from the cursor as a dict"
Index: django/core/db/backends/sqlite3.py
===================================================================
--- django/core/db/backends/sqlite3.py	(revision 1524)
+++ django/core/db/backends/sqlite3.py	(working copy)
@@ -55,6 +55,12 @@
             self.connection.close()
             self.connection = None
 
+    def escapechars(self,rawstring):
+        "Escapes dangerous characters from SQL in a backend-specific way"
+        # sqlite will happily accept a variety of characters without complaint. Single-quotes, however, must be doubled.
+        cookedstring = rawstring.replace("'","''")
+        return cookedstring
+
     def quote_name(self, name):
         if name.startswith('"') and name.endswith('"'):
             return name # Quoting once is enough.
Index: django/core/management.py
===================================================================
--- django/core/management.py	(revision 1524)
+++ django/core/management.py	(working copy)
@@ -81,6 +81,12 @@
                     field_output.append('REFERENCES %s (%s)' % \
                         (db.db.quote_name(f.rel.to.db_table),
                         db.db.quote_name(f.rel.to.get_field(f.rel.field_name).column)))
+                if f.default <> meta.fields.NOT_PROVIDED:
+                    try:
+                        escaped_string = db.db.escapechars("DEFAULT '%s'" % (f.default,))
+                        field_output.append(escaped_string)
+                    except NotImplemented:
+                        pass
                 table_output.append(' '.join(field_output))
         if opts.order_with_respect_to:
             table_output.append('%s %s NULL' % (db.db.quote_name('_order'), db.DATA_TYPES['IntegerField']))