STOP
Inserting into a database directly from POST is always a bad idea. This is the reason PHP is currently stuck with the very unintuitive magic quotes.
You should at the very least be using mysql_real_escape_string() to escape your data. For example:
    // Connect first: mysql_real_escape_string() uses the connection's character set
    $link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
        OR die(mysql_error());

    // Escape every POST value before it is placed inside the quoted SQL literals
    $query = "INSERT INTO users VALUES (
        '" . mysql_real_escape_string($_POST["username"]) . "',
        '" . mysql_real_escape_string($_POST["sha_pass_hash"]) . "',
        '" . mysql_real_escape_string($_POST["email"]) . "',
        '2'
    )";
    mysql_query($query);
The reason you have to do this is security based. For example, if someone malicious set the username field to '); DROP TABLE users; without you first escaping your data, you would end up blindly running the following query:

    INSERT INTO users VALUES (''); DROP TABLE users;

Which of course isn't going to end well for your application.
This is the minimum you should be doing.
In reality you should really be moving on to MySQLi, which is a much more modern MySQL interface.
Here is an example:

    $mysqli = new mysqli('mysql_host', 'mysql_user', 'mysql_password', 'mysql_database');

    // Same escaping as above, done through the MySQLi connection object
    $query = "INSERT INTO users VALUES (
        '" . $mysqli->real_escape_string($_POST["username"]) . "',
        '" . $mysqli->real_escape_string($_POST["sha_pass_hash"]) . "',
        '" . $mysqli->real_escape_string($_POST["email"]) . "',
        '2'
    )";
    $mysqli->query($query);

You can even use MySQL in a procedural style. So if object-oriented programming isn't within your reach yet, you will have no problems with MySQLi.
Hope that helps.
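
Added example, not part of the original answer: the same INSERT written as a MySQLi prepared statement, which goes one step beyond escaping by binding the values instead of building the query string. The helper name `insert_user()` and the sample input are assumptions; the connection values are the placeholders used above.

```php
<?php
// Added example. Table layout and credentials are the placeholders from the answer.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Insert one user row with bound parameters (hypothetical helper).
 * Returns false when a field is missing, empty, or not a plain string.
 */
function insert_user(mysqli $db, array $post): bool
{
    $fields = [];
    foreach (['username', 'sha_pass_hash', 'email'] as $name) {
        // A request body such as username[]=x makes the value an array,
        // so check the type before handing it to the database layer.
        if (!isset($post[$name]) || !is_string($post[$name]) || $post[$name] === '') {
            return false;
        }
        $fields[$name] = $post[$name];
    }

    // The SQL text is fixed; the values are sent separately and never parsed as SQL.
    $stmt = $db->prepare("INSERT INTO users VALUES (?, ?, ?, '2')");
    $stmt->bind_param('sss', $fields['username'], $fields['sha_pass_hash'], $fields['email']);
    $stmt->execute();
    $stmt->close();
    return true;
}

$db = new mysqli('mysql_host', 'mysql_user', 'mysql_password', 'mysql_database');
$db->set_charset('utf8mb4'); // fix the connection charset explicitly

// Constructed input: the username from the answer above, kept as literal text.
$sample = [
    'username'      => "'); DROP TABLE users;",
    'sha_pass_hash' => str_repeat('a', 40), // constructed placeholder hash
    'email'         => 'user@example.com',  // constructed address
];
insert_user($db, $sample);              // row is inserted with the quote intact
insert_user($db, ['username' => []]);   // rejected before any SQL is prepared
// In a real handler, pass $_POST instead of $sample.
```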