What does Zend Framework provide in order to escape user input into a query string?
See Quoting Values and Identifiers. You can also use Zend_Db_Select when creating your query, which will automatically call quoteInto.
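The quoting calls the answer mentions, shown side by side as an added example that is not part of the original post; it assumes Zend Framework 1's Zend_Db with a PDO MySQL adapter, a hypothetical `users` table, and placeholder credentials.

```php
<?php
// Added example (not from the original answer): Zend Framework 1 Zend_Db quoting.
// Assumes a PDO MySQL adapter and a hypothetical `users` table; all credentials are placeholders.
require_once 'Zend/Db.php';

$db = Zend_Db::factory('Pdo_Mysql', array(
    'host'     => 'localhost',   // placeholder
    'username' => 'app_user',    // placeholder
    'password' => 'CHANGE_ME',   // placeholder
    'dbname'   => 'app',         // placeholder
));

// Untrusted input, e.g. a request parameter. Constructed to contain a quote
// character so the effect of each quoting call is visible.
$email = "alice@example.com' OR '1'='1";

// 1) quoteInto(): every ? in the fragment is replaced by the quoted value,
//    so the embedded quote is escaped and stays inside the string literal.
$where = $db->quoteInto('email = ?', $email);
$rows  = $db->fetchAll('SELECT id, email FROM users WHERE ' . $where);

// 2) quote() for a single value; quoteIdentifier() for table and column names.
//    quote()/quoteInto() only protect values, never identifiers, so a column
//    name that comes from input must go through quoteIdentifier() instead.
$sql = 'SELECT id FROM ' . $db->quoteIdentifier('users')
     . ' WHERE ' . $db->quoteIdentifier('email') . ' = ' . $db->quote($email);
$rows = $db->fetchAll($sql);

// 3) Zend_Db_Select: where() passes its second argument through quoteInto(),
//    so the same protection applies without calling it by hand. An array
//    value is quoted element by element, which fits an IN (?) clause.
$select = $db->select()
    ->from('users', array('id', 'email'))
    ->where('email = ?', $email)
    ->where('status IN (?)', array('active', 'pending'));
$rows = $db->fetchAll($select);

// 4) Bound parameters avoid building SQL from strings at all: the value is
//    sent separately and never becomes part of the statement text.
$stmt = $db->query('SELECT id FROM users WHERE email = ?', array($email));
$rows = $stmt->fetchAll();
```

Of the four, bound parameters (4) are the strongest default; the quoting calls matter when you must assemble a fragment by hand, and identifiers always need `quoteIdentifier()` rather than `quote()`.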