I guess you are trying to generate an SQL snippet for MySQL.

If that is true, htmanning is probably creating an SQL injection vulnerability here. As always, placeholders should be used instead. Not only does that prevent SQL injections, but it also allows caching and reuse of prepared SQL statements.

Alexander