INSERT INTO mysql problem from a form.

Hey all!

I am new here, and new to php and mysql, but I will make this pretty short (at least try to). I am working on setting up at least the basics...a user list. I have made a usertest.htm page (form) and i am using it to POST to usertest.php and trying to have the information the user had input in the form, inserted into the database via the php page. I do keep comming up with different errors, trying my " and ' and () in different positions. Originally I was getting parse errors, but I seem to have fixed those, now just getting the error I posted at the bottom with the mysql query syntax. I know how to do forms, and the php page is quite short, so heres the code, hope someone can help

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php

mysql_connect("host","usr","pass") or die ("Unable to connect to MySQL server.");
$db = mysql_select_db("database") or die ("Unable to select requested database.");

//Assign contents of form to variables
$user = $_POST['user'];
$password = $_POST['password'];
$shard = $_POST['shard'];
$email = $_POST['email'];
$im = $_POST['im'];
$icq = $_POST['icq'];

mysql_query ( "INSERT INTO visitors (user, password, shard, email, im, icq) VALUES ($user, $password, $shard, $email, $im, $icq)" );

echo mysql_error();
mysql_close();

?>

</body>
</html>

The error comes up as:

You have an error in your SQL syntax near '@email, im, icq)' at line 1

It seems that i am close to getting it right, because the information IS being passed to the .php page, but not quite making it to the database table. It also seems that it is accepting the first 3 values, but once it hits the @ sign it becomes a problem from there? Is that something that cannot be used in an insert command as a value passed from my variable?...and of course, the previous information before the @ does not make it into the table.

Any thoughts, hints, corrections or guides i can refer to would be wonderful. Thanks in advance gang, and i hope to contribute rather than inquire as time goes on

OH! One other thing, I would like to include what the user had input on the htm page so they can see what information they had posted to make sure there are no errors. I would imagine it would just be a simple Echo command to do this, and I would also just put the comment on the bottom of the page stating Thanks for submitting your information. I know there are many ways to do this, but its late, and I am beginning to ramble so I will leave it at that. My main concern is getting the info into the table from my form.
Night for now.
Jokes

String values need to be quoted when being updated or inserted into mysql:

Thanks Houston.....we have a go and a good insert

Now my brain can work on even more boggling problems lol, i had tried everything except for putting the periods on each side of the variables in the string to be inserted.

I didn't even know they needed to be there!...but...as we see here folks, you live, you inquire...and you shall learn...i know i just did lol!

Anyway, thanks again for the help, and I am sure you will be seeing more posts and questions from me as I work my way blindly through my little project. *cheers*....its almost friday!

No problem. Hope you'll stick around. Don't be shy about posting in some of the non-programmer forums.

I realize dhouston's way works... but you could also do this:


You might run into problems when dealing with arrays, or methods with return values.

[just had to throw my two cents in]

I beleive I tried that method MadCowDzz. Only difference with the way I did it, was i had a space after each comma, but hence, I got errors on it that way.

Its working well with the first example, so since I'm a smart beginner, and figure I was always taught don't fix it if it ain't broke, I will leave that one particular query alone

Just to keep ya'll updated, It is posting correctly, and even detects if someone has input a duplicate name, which i set unique as to not allow that. Is there a "neater" way to display the error that tells the submitter he needs to pick another name?

Right now once a user submits the page, the info goes in, but ummm....they go to a blank page (the processor)....*that can't be good, he thinks to himself* Where to go next.....hrmm....