COMMENTED ISSUE: Cannot get XpathCache to replace variables.

I cannot get XpathCache to replace dynamic xpath variables in my xpath expression. I know the expression evaluates if I hardcode some test values.

This works:
string MenuDepthXpathStr = "/descendant-or-self::ul[count(ancestor-or-self::ul) >= $depth]";
string Depth = "1";

XPathNodeIterator TempList = XPathCache.Select(MenuDepthXpathStr, MenuDocXml, new XmlNamespaceManager(MenuDocXml.NameTable), new XPathVariable("depth", Depth));

However this doesnt:
string MenuDepthXpathStr = "/descendant-or-self::ul[count(ancestor-or-self::ul) >= $depth $highlighted]";
string Depth = "1";
string Highlighted = (SomeBoolVal? "and contains(@class, 'expanded')" : "");

XPathNodeIterator TempList = XPathCache.Select(MenuDepthXpathStr, MenuDocXml, new XmlNamespaceManager(MenuDocXml.NameTable), new XPathVariable("depth", Depth), new XPathVariable("highlighted", Highlighted));

It seems as though my variable cannot contain xpath it can only be values. Why is this? Is there any way to dynamically generate the xpath itself and not just insert values?
Comments: ** Comment from web user: aromero78 **

If at all possible I'd rather not be protected from myself. Would it be possible to break out this functionality into two separate functions? An XPathCache.Select method that allows for any string to be added and a new function that would check a give string for xpath injection? That way in situations where I control all of the variables and know that xpath injection is not possible I could use the XPathCache class to build any Xpath statement I wanted and could still check for injection if need be.