php - using json to update mysql database blank fields -

i'm trying insert records mysql db fields blank. here js:

$("#submit").click(function() {      var product1name     = $("input#product1name").val();     var product2name     = $("input#product2name").val();     var product3name     = $("input#product3name").val();     var product4name     = $("input#product4name").val();     var product5name     = $("input#product5name").val();     var product1quantity = $("input#product1quantity").val();     var product2quantity = $("input#product2quantity").val();     var product3quantity = $("input#product3quantity").val();     var product4quantity = $("input#product4quantity").val();     var product5quantity = $("input#product5quantity").val();      var datastring = 'product1name='+ product1name + 'product2name=' + product2name + 'product3name=' + product3name + 'product4name=' + product4name + 'product5name=' + product5name + 'product1quantity='+ product1quantity + 'product2quantity='+ product2quantity + 'product3quantity='+ product3quantity + 'product4quantity='+ product4quantity + 'product5quantity='+ product5quantity + 'salesid='+ salesid + 'email='+ email + 'wpuseremail='+ wpuseremail;      $.ajax({         type: "post",       url: "process.php",       data: datastring,       success: function(json) {           $('#contact_form').html("<div id='message'></div>");         $('#message').html(json.type)         .append(json.message)         .hide()         .fadein(1500, function() {           $('#message').append("<img id='checkmark' src='images/check.png' />");         });       }     });     return false;  }); 

here php:

<?php $product1quantity = $_post["product1quantity"]; $product2quantity = $_post["product2quantity"]; $product3quantity = $_post["product3quantity"]; $product4quantity = $_post["product4quantity"]; $product5quantity = $_post["product5quantity"];  $username = "user"; $password = "pass"; $hostname = "host";   $dbhandle = mysql_connect($hostname, $username, $password)  or die("unable connect mysql");  $selected = mysql_select_db("dbname",$dbhandle)   or die("could not select dbname");  $result = "insert dbname.tablename (product1name, product2name, product3name, product4name, product5name, product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, id) values ('', '', '', '', '', product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, null)"; mysql_query($result);  mysql_close($dbhandle);  $response = array('type'=>'', 'message'=>''); $response['type'] = 'success'; $response['message'] = 'thank-you submitting form!'; print json_encode("success"); ?> 

i've confirmed works when not use variables in insert statement, rather hardcoded values. seems wrong variables.

seems called variables doesnt have $ in front of them..

see

$result = "insert dbname.tablename (product1name, product2name, product3name,     product4name, product5name, product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, id) values ('', '', '', '', '', $product1quantity, $product2quantity, $product3quantity, $product4quantity, $product5quantity, null)"; 

but please fix code because highly risky insert directly post variables because of sql injection security vulnerabilities

you can consider using prepared statements pdo or mysqli

read more here: http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/