Another way of doing it is to list the values only with or without columns in your MySQL syntax, like this:
INSERT INTO table_name
VALUES (value1,value2,value3,...);
or this:
INSERT INTO table_name (column1,column2,column3,...)
VALUES (value1,value2,value3,...);
I have no source but I've read somewhere that writing it like this would provide proper protection from SQL injections assuming that you just replace value1, value2 etc with PHP variables.