Try not to use plain MySQL. I know that learning new technologies might feel overwhelming, but we live in the year 2016. There are plenty of tools that will make your life easier.
For example DiBi database layer:
https://github.com/dg/dibi
You can use either the OFFICIAL VERSION, as shown in the documentation:
SELECT:

    dibi::query('SELECT * FROM users WHERE id = ?', $id);

INSERT:

    $arr = [
        'name' => 'John',
        'is_admin' => TRUE,
    ];
    dibi::query('INSERT INTO users', $arr);

UPDATE:

    dibi::query('UPDATE users SET', $arr, 'WHERE `id`=?', $x);

Or you can use the FLUENT VERSION:
SELECT:

    $res = dibi::select('product_id')->as('id')
        ->select('title')
        ->from('products')
        ->innerJoin('orders')->using('(product_id)')
        ->orderBy('title')
        ->fetchAll();

INSERT:

    $record = array(
        'title' => 'Výrobek',
        'price' => 318,
        'active' => TRUE,
    );
    dibi::insert('products', $record)
        ->execute();

UPDATE:

    $record = array(
        'title' => 'Výrobek',
        'price' => 318,
        'active' => TRUE,
    );
    dibi::update('products', $record)
        ->where('product_id = %d', $id)
        ->execute();

It will make your life much easier. Learning the fluent version and concatenating your queries is even quite fun. When you need to test your query, just use the test() method.
You do not even have to worry about SQL injections.