I keep getting a syntax error

When I try to write to my SQL I get a syntax error when something is written in the last field. I’ve checked the database structure and I rewrote the code 5 times. I can’t figure out why it tells me there is a syntax error only when the comment variable has a value. Here’s the code:

[php]
connect();
$query = "INSERT INTO guestbook VALUES ('$name','$rel','$comment')"; // the $comment variable on this line is what's giving me the trouble
mysql_query($query);
echo mysql_error();
mysql_close();
[/php]

thank you for looking at it

Can you give the error code? You might not have filtered the comment correctly. Also, I would suggest specifying the columns every time you do an insertion. And make sure the column has the right type.

The problem only occurs when there is an apostrophe ’ in the variable. The table has 3 columns: Name (varchar 50), Relationship (varchar 50), Comment (varchar 60000). As long as there are only letters and numbers the code works; when there are other chars the error comes up that I need to read the manual because there is a syntax error where that char is. The site is up, so you can see the error. The site is http://gaylandjcaron.kccomputers.org

Check the fields and the variables which you pass here… are they in the right place? If the field name and variable name are not in the right place, then it’s throwing an error.

The variables are in the right places; it’s just an odd error. I posted not to use any special chars on the site.

Use mysql_real_escape_string whenever you put user input into a MySQL query:

[php]$query = "INSERT INTO guestbook VALUES ('" . mysql_real_escape_string($name) . "','" . mysql_real_escape_string($rel) . "','" . mysql_real_escape_string($comment) . "')";[/php]

Otherwise you are vulnerable to SQL injection.

Many other escape filters would also work, but that’s probably the best option. Do this any time you accept user input, otherwise your site will be really unsecure.
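
The failure from the question next to a parameterized insert, as an added example that is not part of the thread. It uses PDO prepared statements instead of the mysql_real_escape_string call recommended above (the mysql_* extension was removed in PHP 7.0). Assumptions: an in-memory SQLite database stands in for the poster's MySQL server, and the column names are taken from the table description in the thread.

```php
<?php
// Added example, not code from the thread. SQLite in memory is an assumed
// stand-in for the MySQL server so the script runs offline.

function openGuestbook(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Column names assumed from the thread: Name, Relationship, Comment.
    $db->exec('CREATE TABLE guestbook (name TEXT, relationship TEXT, comment TEXT)');
    return $db;
}

// The pattern from the question: input is pasted straight into the SQL text.
// Returns the database error message, or null if the insert went through.
function insertInterpolated(PDO $db, string $name, string $rel, string $comment): ?string
{
    $query = "INSERT INTO guestbook VALUES ('$name','$rel','$comment')";
    try {
        $db->exec($query);
        return null;
    } catch (PDOException $e) {
        // An apostrophe in the input ended the string literal early.
        return $e->getMessage();
    }
}

// Placeholders keep the values out of the SQL text, and the column list is
// explicit, as suggested in the first reply.
function insertPrepared(PDO $db, string $name, string $rel, string $comment): void
{
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, relationship, comment) VALUES (:name, :rel, :comment)'
    );
    $stmt->execute([':name' => $name, ':rel' => $rel, ':comment' => $comment]);
}

$db = openGuestbook();
$comment = "It's great to see everyone";   // constructed sample input

$error = insertInterpolated($db, 'Ann', 'friend', $comment);
echo "interpolated insert: ", $error ?? 'ok', "\n";

insertPrepared($db, 'Ann', 'friend', $comment);
$stored = $db->query('SELECT comment FROM guestbook')->fetchColumn();
echo "prepared insert stored: ", $stored, "\n";
var_dump($stored === $comment);   // the apostrophe is stored unchanged
```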
