PHP's pdo:quote() escapes only single quotes, but sqlite needs backticks or double quotes for string to be interpreted as column name.
edit: found this: Escaping column names in PDO statements
This is something you'd hope the data access layer would have a function for, but PDO doesn't.
Summary of the summary of the summary: gnnnnnnnnnnnh.
edit2: there was a request for it but I really don't understand why they dismissed it: http://pecl.php.net/bugs/bug.php?id=3442