Syntax error:MySQL Insert Select

Question

I have this query to insert into tbl_userprofile:

$SQL = "INSERT INTO tbl_userprofile (userId, name, surname, gender, nationality, address,  mobile, department, email, question, answer)
SELECT tbl_user.Id , '$name', '$surname', '$gender', '$nationality', '$address','$mobile',  '$department', '$email', '$question', '$answer'
FROM tbl_user
WHERE username = '$uname'";

I'm getting a syntax error saying: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'pet-peeve', 'dirt' FROM tbl_user WHERE username = 'alex'' at line 2"

NOTE: pet-peeve and dirt are the question and answer. I dont know how i'm getting a syntax error. Please where is my syntax error? Thanks

Answer 1

There might be some plain text in those two last field so maybe there are quote around, better to use addslashes() to your $question and $answer variables

'$email', '".addslashes($question)."', '".addslashes($answer)."' FROM tbl_user