I am doing a little library project for practice. I have code that inserts a new book, taking from the html form author ids, (as a drop down list) title as a text box, topics as a drop down list, and a description of the book as a textarea. Description is the name of the field in the data base.
$title=trim(htmlentities($_POST['title']));
$commentary=trim(htmlentities($_POST['commentary']));
$topic=$_POST['topic'];
if (!is_numeric($topic) ) die ('anchovie error');
$scribe=$_POST['Author'];
$get_number="select last_insert_id()";

$title=mysql_real_escape_string($title);
$commentary=mysql_real_escape_string($commentary);
$condo="insert into books(title,topic_id,description)values('$title',$ topic,$commentary)";
$meen=mysql_query($condo) or die('defenestration error, open a new window<br />'.mysql_error());

As far as I can tell, the code should produce pretty much the same material for both $commentary and $title, a sanitized string. But when I run the code, I get this as the insert string, followed by the error.

insert into books(title,topic_id,description)values('Begining Ruby, from N#*$!x to P#*$!xx',7,Basic Ruby programming information)

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Ruby programming information)' at line 1

It looks like $title is getting quote marks for some reason, but $commentary is not. Why is that?

Thanks for any assistance

NB, I munged the title for here just in case it caused TOS problems