I am in need of someone's guidance to conquer this issue. I have been all over the internet looking for a guide or something to help me get my website working.
I have an HTML submittable form that is established and working with an email submit using PHP coding. However, I am trying to get the form to submit into a MySQL database. I found a script for it and I put it in but I keep getting the same error and I am not sure why.
Can anyone help me?
I keep getting the error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in line 11.
The line is as follows:
VALUES('$_POST['lastname']','$_POST['firstname']','$_POST['address1']','$_POST['address2']','$_POST['city']','$_POST['state']','
$_POST['zipcode']','$_POST['email1']','$_POST['email2']','$_POST['homephone']','$_POST['cellphone']','$_POST['checkbox']')";
Can anyone see my mistake?
VALUES ('{$_POST['lastname']}', '{$_POST['firstname']}', '{$_POST['address1']}', '{$_POST['address2']}', '{$_POST['city']}', '{$_POST['state']}', '{$_POST['zipcode']}', '{$_POST['email1']}', '{$_POST['email2']}', '{$_POST['homephone']}', '{$_POST['cellphone']}', '{$_POST['checkbox']}')";
But then again there might be other errors... If you keep having problems, try posting the entire PHP statement and the statement before that as well; many syntax errors are due to a missing symbol in the lines before the one listed.
Also, I'd be wary of any script that uses $_POST values directly in a SQL statement; it may not be able to handle single-quotes and leave you open to SQL injection [php.net]. Test your form thoroughly by entering text with a single-quote in every field, e.g. a'b, text with HTML angle brackets, e.g. <b blah blah, and super-long text.
I think this will fix your problem but idfer is correct... I wouldn't insert POST values without validating them.
I am still having the same problem so I am posting the entire script to see if you have any more ideas.
It is as follows:
<?php
$con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("JudgesUpdates", $con);
$sql="INSERT INTO Judges Update (lastname, firstname, Address1, Address2, City, State, Zip, Primary Email, Secondary Email, Home Phone, Cell Phone, Interest)
VALUES('.$_POST['lastname']','.$_POST['firstname']','.$_POST['address1']','.$_POST['address2']','.$_POST['city']','.$_POST['state']','.$_POST['zipcode']','.$_POST['email1']','.$_POST['email2']','.$_POST['homephone']','.$_POST['cellphone']','.$_POST['checkbox']')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "records updated";
mysql_close($con);
?>
INSERT INTO Judges Update (.....
I am not a mysql "guru" but have never seen a select statement like this. Even without the php errors, is "insert into [table] update" a valid statement? I only know of insert into or update . . . .
Second, where we get to breaking it down, note how your statement begins with a double quote and doesn't have an ending double quote before your first concatenation:
$sql="INSERT INTO Judges (lastname, firstname, Address1, Address2, City, State, Zip, Primary Email, Secondary Email, Home Phone, Cell Phone, Interest)
VALUES('.<--- No closing double quote
If you're going to concatenate, you have to be sure to enclose string values.
$test = "this is a" . $variable . " concatenation.";
So revising your last statement - multiple lines are allowed in a concatenation for clarity -
$sql="INSERT INTO Judges (lastname, firstname," .
"Address1, Address2, City, State, Zip, Primary Email," .
"Secondary Email, Home Phone, Cell Phone, Interest) " . // <-- note the space
"VALUES('" . //<-- note this is a single quote for the first insert value, double quote ending the string
$_POST['lastname'] . "','" .
$_POST['firstname'] . "','" .
$_POST['address1'] . "','" .
$_POST['address2'] . "','" .
$_POST['city'] . "','" .
$_POST['state'] . "','" .
$_POST['zipcode'] . "','" .
$_POST['email1'] . "','" .
$_POST['email2'] . "','" .
$_POST['homephone'] . "','" .
$_POST['cellphone'] . "','" .
$_POST['checkbox'] . "')";
The importance of cleansing your input variables cannot be stressed enough, so here's one more vote for it.
<?php
// Function to enclose values in quotes for SQL statements
// and also escape single-quotes within the value
function dbEncodeString($value) {
    if (get_magic_quotes_gpc()) // You should really have this off
        return "'".$value."'";
    else
        return "'".mysql_real_escape_string($value)."'";
}

$con = mysql_connect("localhost","username","password");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("JudgesUpdates", $con);

// Validate all $_POST values, make sure they're not
// too long for the field sizes in the database.

$lastnameSQL = dbEncodeString($_POST['lastname']);
$firstnameSQL = dbEncodeString($_POST['firstname']);
// etc, one for each of $_POST fields ...

$sql="INSERT INTO `Judges Update`
(lastname, firstname, Address1, Address2, City, State, Zip,
`Primary Email`, `Secondary Email`, `Home Phone`, `Cell Phone`, Interest)
VALUES ($lastnameSQL, $firstnameSQL, $address1SQL, $address2SQL,
$citySQL, $stateSQL, $zipcodeSQL, $email1SQL, $email2SQL,
$homephoneSQL, $cellphoneSQL, $checkboxSQL)";

if (!mysql_query($sql,$con))
{
    die('Error: ' . mysql_error());
}
echo "records updated";

mysql_close($con);
?>
And as rocknbill mentioned, the INSERT INTO part doesn't look right. If your table is called Judges, then you don't need the Update part, but if it's called "Judges Update" with a space in the middle, you need to enclose the name in back-quotes (as I have above) so SQL doesn't get confused, or better yet rename the table so it doesn't contain any spaces. Hope this helps.
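An added example, not code from any poster in this thread: the same insert written with a PDO prepared statement, so the form values are bound as parameters instead of being quoted and escaped by hand. The table and column names follow the thread; the length limits, the `insertJudge` name and the in-memory SQLite database used so the demo runs without a server are assumptions (PHP 7.4+ with pdo_sqlite).

```php
<?php
// Form field => [column, max length]. Column names follow the thread;
// the length limits are assumptions, set them to match your schema.
const FIELDS = [
    'lastname'  => ['lastname', 50],
    'firstname' => ['firstname', 50],
    'address1'  => ['Address1', 100],
    'address2'  => ['Address2', 100],
    'city'      => ['City', 50],
    'state'     => ['State', 2],
    'zipcode'   => ['Zip', 10],
    'email1'    => ['Primary Email', 254],
    'email2'    => ['Secondary Email', 254],
    'homephone' => ['Home Phone', 20],
    'cellphone' => ['Cell Phone', 20],
    'checkbox'  => ['Interest', 50],
];

function insertJudge(PDO $db, array $post): void
{
    $cols = $marks = $values = [];
    foreach (FIELDS as $field => [$column, $maxLen]) {
        $value = $post[$field] ?? '';
        // Reject arrays (e.g. checkbox[]) and over-long text before touching the database.
        if (!is_string($value) || strlen($value) > $maxLen) {
            throw new InvalidArgumentException("$field is invalid or too long");
        }
        $cols[]   = "`$column`"; // identifiers come from FIELDS, never from the request
        $marks[]  = '?';
        $values[] = $value;
    }
    $sql = 'INSERT INTO `Judges Update` (' . implode(', ', $cols) . ') '
         . 'VALUES (' . implode(', ', $marks) . ')';
    $db->prepare($sql)->execute($values); // values are bound, not pasted into the SQL text
}

// Demo on an in-memory SQLite database (stand-in for MySQL). For MySQL use:
// new PDO('mysql:host=localhost;dbname=JudgesUpdates;charset=utf8mb4', $user, $pass)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `Judges Update` ('
    . implode(', ', array_map(fn($f) => "`{$f[0]}` TEXT", FIELDS)) . ')');

// Constructed test input: single quotes and angle brackets, as suggested in the thread.
insertJudge($db, ['lastname' => "O'Brien", 'firstname' => "a'b", 'city' => '<b>x']);
print_r($db->query('SELECT lastname, firstname, City FROM `Judges Update`')
    ->fetch(PDO::FETCH_ASSOC));
```

The stored row contains the quotes and angle brackets exactly as typed; escaping for HTML is a separate step at output time, e.g. with `htmlspecialchars()`.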