If using the (deprecated) mysql PHP extension, you should sanitize all non-numeric inputs via mysql_real_escape_string().
$query = sprintf(
"INSERT INTO users VALUES" . "('', '%s', '%s', '%s', '%s', '%s', '%s')";
mysql_real_escape_string($first_name),
mysql_real_escape_string($last_Name),
mysql_real_escape_string($user_email),
mysql_real_escape_string($mailing_address),
mysql_real_escape_string($user_name),
mysql_real_escape_string($user_pass)
);
if(mysql_query($query) == false) {
throw new Exception(mysql_error().PHP_EOL.$query);
}
Also, my suspicion is that the first value should be NULL instead of '', assuming it's an auto-numbered primary key? (Actually, if that's the case, you could provide a list of columns that does not include that field, then you don't have to have it in your VALUES() clause; besides which using an explicit field list avoids nasty bugs when your database table is altered in any way that changes the default field order.