Using ` (template literals) to 'quote' the string is not safe.

Use ' (regular string literal) intead and escape the data properly.