Try to use \' around your insert statement OR escape all the rest of the \" used. Like this:
$query = \'INSERT INTO employees VALUES ("\'.$first.\'","\'.$last.\'","\'.$address.\'","\'.$position.\'")\';
This will not translate any PHP variables so they must be concatenated into the string.
or
$query = "INSERT INTO employees VALUES (/"$first/",/"$last/",/"$address/",/"$position/")";
if you must have \" in the INSERT statement (doubt that)
or
$query = "INSERT INTO employees VALUES (\'$first\',\'$last\',\'$address\',\'$position\')";
Will probably produce the correct result with the \"nicest\" code.
The problem is that you use the same quotes in the string as quoting the string.