You do not need to quote values.
$where = new Zend\Db\Sql\Where();
$where->equalTo('user_id', $userId);
$where->equalTo('company_id ', $companyId);
$where->equalTo('color_id ', $colorId);
This way it is much more secure against SQL injection because of use prepared statements.