
MySQL insert syntax error in pre-written script

I'm using a modified version of a pre-written script. It works in other places on the site but I can't work out what I've missed here...

    $insertQuery = "INSERT INTO cmsportfolio (status,title,imgurl,imgthumb,section,url,`desc`,type) VALUES (".
    "'".$HTTP_POST_VARS['status']."', ".
    "'".$HTTP_POST_VARS['title']."', ".
    "'".addslashes($HTTP_POST_VARS['imgurl'])."', ".
    "'".addslashes($HTTP_POST_VARS['imgthumb'])."', ".
    "'".$HTTP_POST_VARS['section'].", ".
    "'".addslashes($HTTP_POST_VARS['url'])."', ".
    "'".addslashes($HTTP_POST_VARS['desc'])."', ".
    "'".$HTTP_POST_VARS['type']."' )";

    if ($result = $connector->query($insertQuery)){
        header('Location: ' . $_SERVER['PHP_SELF'].'?action=addsuccess');
        exit;
    }else{
        echo "Error message = ".mysql_error();
        exit('<center>Sorry, there was an error saving to the database</center>');
    }

I get the error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.xxxxxxxx.co.uk', 'frgdr tr tr', '0' )' at line 1 Sorry, there was an error saving to the database

(the error refers to the last 3 fields of the query)


    "'".$HTTP_POST_VARS['section'].", ".

Missing ending quote


The only stupid mistake you've made is not posting the generated SQL. The extremely unwise decision you've made is not escaping the POST parameters. You got lucky in that you got a syntax error from a single quote in title, before some prankster decided to post title='; drop table cmsportfolio; -- '. See here.

EDIT: Sparky points out the typo that is causing your immediate problem.
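The escaping point made in this answer, as an added example that is not part of the original thread: the same INSERT rewritten with a PDO prepared statement, so that a quote in the title (or a `'; drop table ...` payload) is stored as literal data instead of becoming part of the statement. PDO, the placeholder connection details and `$_POST` in place of `$HTTP_POST_VARS` are assumptions; the question's `$connector` object is not used.

```php
<?php
// Added example, not from the original post. Connection details are placeholders.
$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // SQL errors become exceptions
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]
);

// The statement text contains only named placeholders; no user data is
// concatenated into it, so there is nothing to quote or escape by hand.
$sql = "INSERT INTO cmsportfolio
            (status, title, imgurl, imgthumb, section, url, `desc`, type)
        VALUES
            (:status, :title, :imgurl, :imgthumb, :section, :url, :desc, :type)";
$stmt = $pdo->prepare($sql);

// Allow-list the form fields we accept; anything else in $_POST is ignored.
$fields = ['status', 'title', 'imgurl', 'imgthumb', 'section', 'url', 'desc', 'type'];
$params = [];
foreach ($fields as $field) {
    $params[':' . $field] = $_POST[$field] ?? ''; // $_POST replaces the old $HTTP_POST_VARS
}

try {
    // Values travel separately from the statement; addslashes() is no longer needed.
    $stmt->execute($params);
    header('Location: ' . $_SERVER['PHP_SELF'] . '?action=addsuccess');
    exit;
} catch (PDOException $e) {
    // Keep the driver's error detail in the server log rather than echoing it to the browser.
    error_log('cmsportfolio insert failed: ' . $e->getMessage());
    exit('<center>Sorry, there was an error saving to the database</center>');
}
```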


I guess 'imgthumb' might have a single quote in it...
