To protect you and your apps from sql injection attacks all SQL queries use prepared statements. This is good practice and not something to be dismissed.
It does however mean it's hard to make custom SQL statements because column names will be wrapped in quotes to escape them.
In a nutshell, it's to stop this: