$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$e mail','$web')";
|
i would recomend not using that as an insert method. The reason been if you change the database structor you'll have to go back and change every query that uses that style of data.
you should do something like
$query = "insert into contact (contact_id,first_name,last_name) VALUES('',mysql_escape_string($_POST['first']),mysql_escape_string($_POST['last']));
the mysql_escape_string should stop stuff like sql injections and stuff.