You are taking a class and they are having you use mysql_query( )
Ask for your money back! mysql_query() is *OBSOLETE* and will be removed in the next version of PHP!
Anyway...aside from needing '...' around all string literals, you also need to looking at the function mysql_real_escape_string( )
Look it up in the PHP online docs at http://www.php.net