DaMaAn

Try to use \' around your insert statement OR escape all the rest of the \" used. Like this: $query = \'INSERT INTO employees VALUES ("\'.$first.\'","\'.$last.\'","\'.$address.\'","\'.$position.\'")\'; This will not translate any PHP variables so they must be concatenated into the string. or $query = "INSERT INTO employees VALUES (/"$first/",/"$last/",/"$address/",/"$position/")"; if you must have \" in the INSERT statement (doubt that) or $query = "INSERT INTO employees VALUES (\'$first\',\'$last\',\'$address\',\'$position\')"; Will probably produce the correct result with the \"nicest\" code. The problem is that you use the same quotes in the string as quoting the string.

Not a complete solution, maybe not even close to an answer, but to reduce complexity use \"permission in (2,3,6,7)\" in the later SQL statement.