There is one more issue to consider, among:
a) Correct number of fields and values
b) enclosing text, date fields with quotes, numeric fields without quotes
c) putting a default value for fields if the submitted data is empty

In the text fields, if the user types something like:
Moh'd Ali
or any word which includes a hyphen in it, the statement will give a syntax
error too.

Either do not allow a hyphen OR validate and trim the field before
executing the SQL statement.
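
Added example, not part of the original post: the quote character in Moh'd Ali breaking an INSERT built by string concatenation, next to the same insert with bound parameters, which also fills defaults for empty fields. Python's sqlite3 module, the `members` table, the function names and the default values are assumptions chosen for illustration.

```python
import sqlite3

DEFAULT_DATE = "1970-01-01"   # assumed default for an empty date field
DEFAULT_AGE = 0               # assumed default for an empty numeric field

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, joined TEXT, age INTEGER)")
    return db

def insert_concatenated(db, name, joined, age):
    """The 'before': values pasted into the SQL text with hand-written quotes."""
    sql = ("INSERT INTO members (name, joined, age) VALUES ('"
           + name + "', '" + joined + "', " + str(age) + ")")
    db.execute(sql)

def insert_bound(db, name, joined, age):
    """Placeholders: values travel separately from the SQL text, so a quote
    inside a value is stored as data and never parsed as SQL."""
    name = name.strip()
    if not name:
        raise ValueError("name is required")
    joined = joined.strip() or DEFAULT_DATE                  # point (c)
    age = int(age) if str(age).strip() else DEFAULT_AGE      # numeric check
    # Point (a): sqlite3 raises ProgrammingError if the number of
    # placeholders and the number of supplied values differ.
    db.execute("INSERT INTO members (name, joined, age) VALUES (?, ?, ?)",
               (name, joined, age))

def demo():
    db = make_db()
    # Constructed sample input: the name from the post, plus empty fields.
    try:
        insert_concatenated(db, "Moh'd Ali", "2004-05-01", 30)
        concat_error = None
    except sqlite3.OperationalError as exc:
        concat_error = str(exc)
    insert_bound(db, "  Moh'd Ali ", "", "")
    rows = db.execute("SELECT name, joined, age FROM members").fetchall()
    return concat_error, rows

if __name__ == "__main__":
    print(demo())
```

With bound parameters no character has to be banned from the text field, and the quoting rules in point (b) are handled by the driver rather than by the code that assembles the statement.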