After being downvoted twice and favorited once, I was perplexed as to what's so wrong with the code. Thanks to @AirThomas and @Jasper, I formatted the code and adopted some best practices, which helped me nail the issue.
The issue was with the strings. They had single quotes and were somehow not getting escaped (mostly, due to some weird character encoding trouble. I didn't bother to get into details). Rather used a simple function from (phpfreaks) to ensure, I am not leaving any stone unturned while escaping. The function is:
function cleanStr($str){
$str = trim($str);
if($str == "") return;
$str = stripslashes($str);//STRIP \ slashes
if (function_exists(mysqli_real_escape_string)){
$str = mysqli_real_escape_string($str);
}else{
$str = mysql_real_escape_string($str);
}
//CONVERT TO HTML
$str = htmlspecialchars($str);
//LAST CLEAN UP
$str = preg_replace("#\'#","",$str);
return $str;
}
After escaping the strings and parametrizing the code (edited the question to show the latest code), the inserts worked like a charm.
Things I learnt today:
- Escape the strings properly, not just mysql_real_escape_string
- Use mysql_error() like so to catch mysql errors.
echo mysql_errno() . ": " . mysql_error() . "\n";
- Format the query and parametrize it as much as possible
- Format the code properly before posting on SO, else you dont even
- Use PDO or mysqli
I have just started coding (4 weeks back), so apologies for the obvious errors.
Thanks everyone