mysql - SQL and PHP Issue - Error: You have an error in your sql syntax -

error:

insert demorequests           (firstname,lastname,email,phone,company,jobtitle,numberofstaff)  values          (hank,janssens,contact@hankjanssens.com,5193174848,imaginadev,,1)  have error in sql syntax; check manual corresponds mysql  server version right syntax use  near '@hankjanssens.com,5193174848,imaginadev,,1)' @ line 2 

database table structure

create table if not exists `demorequests` (   `id` int(11) not null auto_increment,   `firstname` varchar(30) not null,   `lastname` varchar(30) not null,   `email` varchar(60) not null,   `phone` varchar(12) not null,   `company` varchar(60) not null,   `jobtitle` varchar(30) not null,   `numberofstaff` varchar(12) not null,   primary key (`id`) ) engine=innodb default charset=latin1 auto_increment=1 ; 

php //assign $_post variables

 $firstname = $_post['firstname'];     $lastname = $_post['lastname'];     $email = $_post['email'];     $phone = $_post['phone'];     $company = $_post['company'];     $jobtitle = $_post['jobtitle'];     $numberofstaff = $_post['numberofstaff'];      $sql = "insert demorequests         (firstname,lastname,email,phone,company,jobtitle,numberofstaff)     values ($firstname,$lastname,$email,$phone,$company,$jobtitle,$numberofstaff)"; 

jonathan - when dealing strings, values need quoted.

('$firstname','$lastname','$email','$phone','$company','$jobtitle','$numberofstaff') 

nota: if it's int, quotes not required. however, of columns varchar except id column being ai.

do sanitize inputs mysqli_real_escape_string() since present code open sql injection.

you may want use stripslashes() in conjunction mysqli_real_escape_string(), should name contain apostrophe.

for example: (assuming you're using mysqli_ connecting api).

$firstname = stripslashes($_post['firstname']); $firstname = mysqli_real_escape_string($con, $_post['firstname']); 

and same rest.

or better yet:

use mysqli prepared statements, or pdo prepared statements, they're safer.