Be careful! Not only is your data susceptible to broken SQL statements, it's highly vulnerable to SQL injection attacks. At least run your data through quote (but use placeholders instead).