0

I know what a syntax error is but I can't find the problem in my syntax. I did the SQL in phpMyAdmin first and now I've just copied it and put variables in.

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's new carving chisels. 1 x 13mm 4-point finishing claw Chisel. Southern St' at line 3

Code:

public function insert_row($vendor, $product_link, $product_title, $product_desc, $product_price){
    mysql_query("INSERT INTO `crawl_products` ( `vendor` , `product_link` , `product_title` , `product_desc` , `product_price` )
        VALUES (
        '$vendor', '$product_link', '$product_title', '$product_desc', '$product_price'
        )") or die(mysql_error());
}

Many Thanks.

Ashwini Agarwal
Tom Doe
  • 3
    You need to escape your user input. – juergen d Sep 25 '13 at 11:32
  • 1
    The error is coming from the fact that you have a single quote in your data. You should use a function like mysql_real_escape_string before concatenating values. Better use mysqli and binding. – Sumit Gupta Sep 25 '13 at 11:33

3 Answers

1

The tables need no grave accents, e.g. "`vendor`" should just be "vendor", and try to write the variables like this:

VALUES ( '".$vendor."', 

it should work then.

And what sythnet wrote about mysql_query($con applies to mysqli_query, not to mysql_query.

Paul L.
1

You need to apply mysql_real_escape_string over each variable before running the insert query.

public function insert_row($vendor, $product_link, $product_title, $product_desc, $product_price){
    // Escape each value so a quote in the data cannot end the SQL string literal.
    // mysql_real_escape_string() needs an open mysql_* connection.
    $vendor = mysql_real_escape_string($vendor);
    $product_link = mysql_real_escape_string($product_link);
    $product_title = mysql_real_escape_string($product_title);
    $product_desc = mysql_real_escape_string($product_desc);
    $product_price = mysql_real_escape_string($product_price);

    // Every escaped value stays inside single quotes in the statement.
    mysql_query("INSERT INTO `crawl_products` ( `vendor` , `product_link` , `product_title` , `product_desc` , `product_price` )
        VALUES (
        '$vendor', '$product_link', '$product_title', '$product_desc', '$product_price'
        )") or die(mysql_error());
}
zzlalani
0

Escape the inputs. Use mysql_real_escape_string.


Also have a look at: Why shouldn't I use mysql_* functions in PHP?

Community
Ashwini Agarwal
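The "binding" alternative mentioned in the comments, shown as an added example that is not part of the question or of any answer on this page: the same insert_row written with PDO bound parameters, so quotes in the data never reach the SQL parser. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the extra `$pdo` argument is introduced here, and the sample rows are constructed.

```php
<?php
// Added example: bound parameters instead of string interpolation.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline;
// against MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulated prepares so the server binds:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE crawl_products (
    vendor TEXT, product_link TEXT, product_title TEXT,
    product_desc TEXT, product_price TEXT
)');

// Same signature as on the page, plus the connection (hypothetical parameter).
function insert_row(PDO $pdo, $vendor, $product_link, $product_title, $product_desc, $product_price)
{
    // The SQL text is fixed; values are sent separately and never parsed as SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO crawl_products
            (vendor, product_link, product_title, product_desc, product_price)
         VALUES (:vendor, :link, :title, :descr, :price)'
    );
    $stmt->execute([
        ':vendor' => $vendor,
        ':link'   => $product_link,
        ':title'  => $product_title,
        ':descr'  => $product_desc,
        ':price'  => $product_price,
    ]);
}

// Constructed sample rows: an apostrophe (the cause of the syntax error in the
// question) and a mix of double quotes and a backslash, both stored verbatim.
insert_row($pdo, 'Example Vendor', 'http://vendor.example/p/1', 'Claw chisel',
    "Mason's new carving chisels. 1 x 13mm 4-point finishing claw Chisel.", '12.50');
insert_row($pdo, 'Example Vendor', 'http://vendor.example/p/2', 'Marking tool',
    'Marks a 5" line on "soft" stone, ref 3\\4.', '4.00');

// Read the rows back to confirm the text round-trips unchanged.
foreach ($pdo->query('SELECT product_desc FROM crawl_products') as $row) {
    echo $row['product_desc'], PHP_EOL;
}
echo 'rows: ', $pdo->query('SELECT COUNT(*) FROM crawl_products')->fetchColumn(), PHP_EOL;
```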