You forgot to escape your sql query though.