That's because you should be escaping your values. e.g.
$db->quoteInto('UPDATE table SET col = ? WHERE 1', 'Are you fine ?'); or
$db->query('UPDATE table SET col = '.$db->quote('Are you fine ?').' WHERE 1');
This prevents SQL injection attacks, also ensures that any special chars are escaped for use with the database you are currently using, plus allows the SQL produced to work in different DB servers (e.g. your current SQL wouldn't work in PostgreSQL).
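The effect of quoting described in the answer above, as an added example that is not part of the original post. It assumes plain PDO with an in-memory SQLite database standing in for the Zend_Db adapter `$db`; the `notes` table and the sample value are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for the Zend_Db adapter ($db)
// from the post. The table name and sample value are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, col TEXT)');
$pdo->exec("INSERT INTO notes (col) VALUES ('first')");
$pdo->exec("INSERT INTO notes (col) VALUES ('second')");

// Constructed input: contains a literal "?" and a single quote.
$value = "Are you fine ? It's ok";

// 1. Unescaped concatenation: the quote inside the value terminates the SQL
//    string literal early, so the statement no longer means what was intended.
$unsafe = "UPDATE notes SET col = '" . $value . "' WHERE id = 1";
try {
    $pdo->exec($unsafe);
    echo "unescaped: executed\n";
} catch (PDOException $e) {
    echo "unescaped: rejected (", $e->getMessage(), ")\n";
}

// 2. Driver-aware quoting, the PDO counterpart of $db->quote(): the value is
//    wrapped and escaped for the database actually in use.
$quoted = $pdo->quote($value);
$pdo->exec('UPDATE notes SET col = ' . $quoted . ' WHERE id = 1');

// 3. Bound parameters: the "?" characters in the SQL text are placeholders,
//    while the "?" inside the bound value is treated purely as data.
$stmt = $pdo->prepare('UPDATE notes SET col = ? WHERE id = ?');
$stmt->execute([$value, 2]);

// Both safe variants must store the value byte for byte.
$read = $pdo->prepare('SELECT col FROM notes WHERE id = ?');
foreach ([1 => 'quote()', 2 => 'bound parameter'] as $id => $label) {
    $read->execute([$id]);
    $stored = $read->fetchColumn();
    $read->closeCursor();
    echo $label, ': ', ($stored === $value ? 'stored intact' : 'MISMATCH'), "\n";
}
```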