sql insert html,Insert html into sql table

I'm trying to insert a value into my sql table that has html in it: like follows

$story ="

$mont$day

lkjljt

Posted $name | $school, $date | Rating

$message

";

$db = mysql_connect("host", "user", "password");

mysql_select_db("db", $db);

if (!$db)

{

die('Could not connect: ' . mysql_error());

}

$sql = "INSERT INTO Post VALUES ('', '$date', '$time', '$story', '$school','$location', '$sex', '$zipcode', '$name');";

$result = mysql_query($sql);

if($result)

{ $success = " Your hookup has been submitted ";}

else{

$error = "something went horribly wrong" . mysql_error();}

?>

I keep getting a syntax error when I submit this page, and if I comment $story out, the query runs fine. How can I fix this?

The most likely reason is that $story contains single quotes, which will break the query. Protect it using mysql_real_escape_string

In general, this is a bad idea as it is open to SQL injection.

$sql = "INSERT INTO Post VALUES ('', '$date', '$time', '$story',

'$school','$location', '$sex', '$zipcode', '$name');";

At least, use mysql_real_escape_string which will protect the input for characters that have special meaning in a MySQL query. Use it on all textual columns.

$sql = "INSERT INTO Post VALUES ('', '$date', '$time', '" .

mysql_real_escape_string($story) . "','".

mysql_real_escape_string($school) . "','".

mysql_real_escape_string($location) . "', '$sex', '$zipcode', '" .

mysql_real_escape_string($name) ."');";

more