As everyone has repeatedly pointed out, once you deal with the obvious issues you quickly end up with something that looks like the gazillions of other ORMs on the market; sorry if I hurt anyone's feelings.
I said the code snippet looked like raw interpolation to me, and I asked how it could be made not vulnerable to injection. It was an honest observation and a genuine question. No flippancy was involved. You're free to think I'm an idiot, but you are the one being insulting and combative here.
So is everything else anyone types, code-like or not. He even said "Note how I deliberately shuffled the order and didn't bother with escaping.".
The response was flippant, intelligence-insulting, and obviously the result of failing to read thoroughly.
And speaking of intelligence-insulting, we all know you can run raw SQL through Sequel.
You're not having a useful dialogue, you're being combative, like the person I initially replied to.