You're going to have a whole heap of trouble (perhaps only a small heap) with that function as-is. Just from looking at the code, without testing it live, there are numerous points of either, "hey, that won't work" or "why on earth is this here?"
What's going on with the "now()" and "null" (with and without double quotes)? Exceptions to what? You strtolower all values? You feed a single-quote-wrapped value through the DBmysql::secure method, is the value secured then?
As for implementing this sort of function, keep it out of the current class at least. There's no harm in creating another class for this sort of query building job.