You have delimited the string you are passing to the mysql_query() function using double quotes ("..."), but you have used unescaped double quotes inside of this string.

Welcome aboard mateo710, you're mixing PHP's handling of strings with mysql. Mysql needs quoting on select statements. Your quoting there is for PHP only. Look . . . .

$name = 'rocknbil';

echo $name; //prints 'rocknbil'
echo "$name"; //prints 'rocknbil'
echo '$name'; //prints '$name'

Note that single quotes, in PHP, do not interpolate variable values. This gets important later.

Where people get confused is that mysql needs strings (and text values) quoted. mysql does NOT need numeric values quoted. So to do a proper select statement, storing the variables in another string, you have three choices. Decide to stick with double quotes,

$query = "insert into `table` (`name`) values (\"$name\")";

... which "escapes" the quotes within the php quoted string so they print as literal quotes:

insert into `table` (`name`) values ("rocknbil")

or, decide to stick to single quotes in mysql, and save double quotes for PHP. This is so you can still take advantage of the fact that PHP interpolates double quoted variables.

$query = "insert into `table` (`name`) values ('$name')";

Because "$name" is still delimited by double quotes in php, it will give an identical output as above.

The third choice is concatenation. The dot operator is used to "assemble" strings and can work around all of these.

$query = 'insert into `table` (`name`) values ("' . $name . '")";

This becomes useful when you dereference arrays,

$_POST['name']
$row['name']

.. in which case neither of the above won't work without context operators

{$row['name']}

I'll add two more bits:

`name`

The backticks are generally a good habit to form when referencing mysql table names and field names, especially if you are in the habit of using names that may conflict with mysql functions. I don't think "name" conflicts, but it's pretty common to do

select datetime from table where id=1234

... and datetime is a reserved word (it's a mysql function.) The backticks tell mysql it's a literal:

select `datetime` from `table` where id=1234

The best practice, of course, is not to use those names. :-)

The second bit, which you will encounter, is this:

$name = "O'Malley";

Which would give you

insert into `table` (`name`) values ('O'Malley')

Which, as you can see, mysql would stop at the second ' and not know what to do with Malley (other than spit you an error.)

For this purpose, you use mysql_real_escape_string() or mysql_escape_string()

$select = "insert into `table` (`name`) values ('" . mysql_real_escape_string($name) . "')";

or go old school with it and replace the conflicting delimiter:

$name = preg_replace("/'+/","''",$name);
// or str_replace()

this puts TWO quotes together wherever they occur and mysql can still work with it:

insert into `table` (`name`) values ('O''Malley')