I'm trying to execute this:
$result = mysql_query("INSERT INTO timesheet (project_no,user,cust_name,notes,duration) VALUES("'".$_POST['project']."', '".$_POST['user']."', '".$_POST['cust']."', '".$_POST['notes']."', '".$_POST['duration']."'")") or die(mysql_error());
I'm aware of SQL injection. But for now can anyone spot the issues with apostrophes, speech marks etc??