Hello, I am making a registration form and I get an error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for thhe right syntax to use near" at line 1"
This is the create.php

PHP Code:
<?php include("inc/incfiles/header.inc.php"); ?>

<?php

$reg 
= @$_POST['reg'];
$fname = @$_POST['firstname'];
$lname = @$_POST['lastname'];
$username = @$_POST['username'];
$email = @$_POST['email'];
$password = @$_POST['password'];
$password2 = @$_POST['password2'];
$u_check = @$_POST[''];

// reg form
$firstname strip_tags(@$_POST['firstname']);
$lastname strip_tags(@$_POST['lastname']);
$username strip_tags(@$_POST['username']);
$email strip_tags(@$_POST['email']);
$password strip_tags(@$_POST['password']);
$password2 strip_tags(@$_POST['password2']);

if (
$reg) {
// Check if user already exists
$u_check mysql_query("SELECT username FROM users WHERE username='$username'");
// Count the amount of rows where username = $un
$check mysql_num_rows($u_check);
if (
$check == 0) {
//check all of the fields have been filed in
if ($firstname&&$lastname&&$username&&$email&&$password&&$password2) {
// check that passwords match
if ($password==$password2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($username)>25||strlen($firstname)>25||strlen($lastname)>25) {
echo 
"The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($password)>30||strlen($password)<5) {
echo 
"Your password must be between 5 and 30 characters long!";
}
else
{
$query mysql_query("INSERT INTO users VALUES ($firstname,'$lastname','$username','$email','$password'"); die(mysql_error());
die(
"Well done, you've made your account. <a href=\"logout.php\"Logout?");
}
}
}
else {
echo 
"<img src='img/x.png'>Your passwords don't match!";
}
}
else
{
echo 
"Please fill in all of the fields";
}
}
else
{
echo 
"Username already taken ...";
}
}
?>
<br /><br /><br /><br />
<form action='create.php' method='POST'>
<div id="create">
    <table>
        <tr>
            <td> First Name: </td>
            <td><input type="text" name="firstname" /></td>
        </tr>
        <tr>
            <td> Last Name: </td>
            <td><input type="text" name="lastname" /></td>
        </tr>
        <tr>
            <td> Username: </td>
            <td><input type="text" name="username" /><br /></td>
        </tr>
        <tr>
            <td> Email: </td>
            <td><input type="text" name="email" /><br /></td>
        </tr>
        <tr>
            <td> Password: </td>
            <td><input type="password" name="password" /><br /></td>
        </tr>
        <tr>
            <td> Repeat Password: </td>
            <td><input type="password" name="password2" /><br /></td>
        </tr>
        <tr>
            <td><input type="submit" name="reg" value="Sign Up!"></td>
        </tr>
    </table>
</div>
</form>