Mysql Query Issues

Hey there, I’m having some issues with my query and I can’t seem to find out what’s wrong. First the code:

[code]<?php
session_start();

	include("dbConnect.php");
	
	$agent = $_SESSION['agent'];		//Set agent name and ID variables
	$agentid = $_SESSION['agentId'];
	
	//Check that no section of the form was left blank
	if($_POST['fname'] != null && $_POST['sname'] != null && $_POST['jtitle'] != null && $_POST['jdesc'] != null){
		
		mysql_query("INSERT INTO job (jobId, agentId, date, time, jobName, jobDescription, jobstatus, customerFirstname, customerSurname, customerTelephoneNo) VALUES (null, '".$agentid."', CURDATE(), NOW(), '".$_POST['jtitle']."', '".$_POST['jdesc']."', 'Live', '".$_POST['fname']."', '".$_POST['sname']."', '".$_POST['phone']."', )");
		
		
		header("location:reception.php?content=3");
	
	
	} else{		//Error message
		header("location:reception.php?content=4");
	}

?>[/code]

I get no errors when I run this, I have also echo’d back the query and all fields seem to look okay. The thing is even though it runs the code, it does not add the row to my table.

There’s not supposed to be a comma after the last value. Also add or die(mysql_error()) to the end of the query.

[php]mysql_query("INSERT INTO job (jobId, agentId, date, time, jobName, jobDescription, jobstatus, customerFirstname, customerSurname, customerTelephoneNo) VALUES (null, '".$agentid."', CURDATE(), NOW(), '".mysql_real_escape_string($_POST['jtitle'])."', '".mysql_real_escape_string($_POST['jdesc'])."', 'Live', '".mysql_real_escape_string($_POST['fname'])."', '".mysql_real_escape_string($_POST['sname'])."', '".mysql_real_escape_string($_POST['phone'])."')") or die(mysql_error());[/php]

You’re setting yourself up for some major headaches if someone should try something nasty. You need to escape all that user input with mysql_real_escape_string(), or at least addslashes(). Look up SQL injection and you’ll see what I’m talking about.
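
An added example, not code from any poster in this thread: the same INSERT written with a PDO prepared statement, so the form values are bound as data instead of being escaped into the SQL string, and SQL errors raise exceptions rather than failing silently. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for the poster's MySQL `job` table; `insertJob` is a hypothetical helper name, and the date and time are bound from PHP because CURDATE() and NOW() are MySQL functions.

```php
<?php
// Added example (hypothetical helper), not the thread's code.
function insertJob(PDO $pdo, string $agentId, array $form): bool
{
    // Same "no blank fields" rule as the original script.
    foreach (['fname', 'sname', 'jtitle', 'jdesc'] as $field) {
        if (!isset($form[$field]) || trim((string)$form[$field]) === '') {
            return false;
        }
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO job (agentId, date, time, jobName, jobDescription, jobstatus,
                          customerFirstname, customerSurname, customerTelephoneNo)
         VALUES (:agent, :d, :t, :title, :descr, :status, :fname, :sname, :phone)'
    );
    return $stmt->execute([
        ':agent'  => $agentId,
        ':d'      => date('Y-m-d'),
        ':t'      => date('H:i:s'),
        ':title'  => $form['jtitle'],
        ':descr'  => $form['jdesc'],
        ':status' => 'Live',
        ':fname'  => $form['fname'],
        ':sname'  => $form['sname'],
        ':phone'  => $form['phone'] ?? '',
    ]);
}

// Assumption: in-memory SQLite stands in for the MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors; a syntax error such as a stray comma now surfaces at once.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE job (jobId INTEGER PRIMARY KEY, agentId TEXT, date TEXT,
    time TEXT, jobName TEXT, jobDescription TEXT, jobstatus TEXT,
    customerFirstname TEXT, customerSurname TEXT, customerTelephoneNo TEXT)');

// Constructed form input containing quote characters that would break
// a query built by string concatenation.
$form = ['fname' => 'Conan', 'sname' => "O'Brien", 'jtitle' => 'Fix door',
         'jdesc' => 'Door won\'t close; see note "A"', 'phone' => '555-0100'];

var_dump(insertJob($pdo, '7', $form));           // valid form
var_dump(insertJob($pdo, '7', ['fname' => ''])); // blank fields rejected
// The stored values come back byte-for-byte as submitted.
print_r($pdo->query('SELECT customerSurname, jobDescription FROM job')
            ->fetch(PDO::FETCH_ASSOC));
```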
