Quote Wrap Is Not Escape
A shell command, SQL query, or template string is assembled by interpolating an untrusted value between literal quote characters typed by hand into the surrounding source-language string literal (`'$var'`, `"$var"`). The author has encoded the destination's string-quoting convention as a character in the source rather than as a call to the destination's escape primitive (`escapeshellarg`, prepared-statement binding, the language's `quote()`). The character is not a function: a delimiter byte inside the interpolated value terminates the wrap and the destination's command grammar resumes from the next byte. The destination's runtime exposes a real escape primitive and the same project has used it elsewhere; the bug site reaches for a typed apostrophe instead.
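The pattern above for two destinations, as an added example that is not code from the original page: a hand-wrapped value beside the same value passed through the destination's primitive (`shlex.quote` for a POSIX shell word, `?` parameter binding for SQLite). The `grep` command line, the `users` table and both sample values are constructed for illustration, and `shlex.split` stands in for the shell's quoting rules so that nothing is executed.

```python
import shlex
import sqlite3

# Constructed sample values: each contains the destination's own delimiter byte.
SHELL_VALUE = "alice' EXTRA_TOKEN 'bob"
SQL_VALUE = "nobody' OR '1'='1"


def shell_wrapped(value: str) -> list[str]:
    """Hand-typed apostrophes around the value, then tokenised with POSIX quoting rules."""
    return shlex.split(f"grep '{value}' app.log")


def shell_escaped(value: str) -> list[str]:
    """Same command, but the value goes through the escape primitive shlex.quote()."""
    return shlex.split(f"grep {shlex.quote(value)} app.log")


def _db() -> sqlite3.Connection:
    """Throwaway in-memory database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn


def sql_wrapped(value: str) -> list[str]:
    """Value interpolated between typed quotes: it becomes part of the query text."""
    rows = _db().execute(f"SELECT name FROM users WHERE name = '{value}' ORDER BY name")
    return [r[0] for r in rows]


def sql_bound(value: str) -> list[str]:
    """Value passed as a bound parameter: it is never parsed as SQL."""
    rows = _db().execute("SELECT name FROM users WHERE name = ? ORDER BY name", (value,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    print("shell wrapped:", shell_wrapped(SHELL_VALUE))  # value split into several words
    print("shell escaped:", shell_escaped(SHELL_VALUE))  # value stays one argument
    print("sql wrapped:  ", sql_wrapped(SQL_VALUE))      # predicate rewritten, all rows match
    print("sql bound:    ", sql_bound(SQL_VALUE))        # compared as data, no rows match
```

When reviewing, the wrapped forms are the ones to search for: a quote character sitting directly against an interpolation inside a string that is later handed to a shell or a database driver.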