MYSQL/PHP Help

Ive been trying to get this to work for a while after many problems i managed to get the echo to finaly spit out parameters, but now im trying to add my data to my table and i still get the echo but its not added to my database, i know its connected find but i dont get no errors or nothing and hopefully some one here can help

<?
require_once('db.php');
include('functions.php');

$headers = emu_getallheaders(); // Just replace any use of `apache_request_headers()` with `emu_getallheaders()`.

$objectName = $headers["X-SecondLife-Object-Name"];
$objectKey = $headers["X-SecondLife-Object-Key"];
$ownerKey     = $headers["X-SecondLife-Owner-Key"];
$ownerName = $headers["X-SecondLife-Owner-Name"];
$region        = $headers["X-SecondLife-Region"];
// and so on for getting all the other variables ...

// get things from $_POST[]
// Naturally enough, if this is empty, you won't get anything
$parameter1    = $_REQUEST["parameter1"];
$parameter2    = $_REQUEST["parameter2"];
$parameter3    = $_REQUEST["parameter3"];
$parameter4    = $_REQUEST["parameter4"];
$parameter5    = $_REQUEST["parameter5"];
$parameter6    = $_REQUEST["parameter6"];
$parameter7    = $_REQUEST["parameter7"];

$sql=mysql_query("INSERT INTO boxes VALUES ($parameter1, $parameter2, $parameter3, $parameter4, $parameter5, $parameter6, $parameter7)");

echo $ownerName . " just said " . $parameter2 . " " . $parameter3 . "\n";
?> 

i think my problem is here
$sql=mysql_query("INSERT INTO boxes VALUES ($parameter1, $parameter2, $parameter3, $parameter4, $parameter5, $parameter6, $parameter7)";

Have you checked your webserver's error log? It might contain helpful error output.

The DDL for your 'boxes' table might help, but in any case here are my thoughts:

1.) Some SQL drivers require you have a terminating character (usually ';', but in some rare cases it must be changed to accommodate the creation of stored procedures and such) at the end of your statement. I find it safest to always include it.

2.) If the values you are inserting are strings (as opposed to integers or something), you will need to enclose them in quote characters inside the SQL (double or single quotes). Or you can use placeholders, which may be a good idea to avoid both confusion with nested quotes and possible issues with expansion/interpretation (though I think you might be okay in this case; you have to be more careful in languages like Perl). Most drivers accept question marks ('?') as parameter placeholders, and have a mechanism for giving placeholder values when you execute the statement. You might need more than one code statement to execute your query though.

3.) It is a good idea to always list the columns you are inserting into. Otherwise the engine will most likely expect a value for every column and use the column order you specified in the DDL (CREATE/ALTER TABLE statements), but it is best not to rely on this. Make it explicit.

So assuming your parameters are strings I recommend using syntax more like (substitute the real names of your columns, and note that backticks are used for the table and column names, whereas single-quote characters are used to delimit string values, to avoid interfering with the double quotes you are using in your PHP code):

INSERT INTO `boxes`
   (`column1`, `column2`, `column3`, `column4`, `column5`, `column6`, `column7`)
VALUES
   (?, ?, ?, ?, ?, ?, ?);

or, if you must:

INSERT INTO `boxes`
   (`column1`, `column2`, `column3`, `column4`, `column5`, `column6`, `column7`)
VALUES
   ('$parameter1', '$parameter2', '$parameter3', '$parameter4', '$parameter5', '$parameter6', '$parameter7');

thanks for the response Hewee Zetkin it turns out you were right it was my syntax, i just had to add some 's

mysql_query("INSERT INTO boxes VALUES ('$parameter1', '$parameter2', '$parameter3', '$parameter4', '$parameter5', '$parameter6', '$parameter7')" or die(mysql_error());