-2

I am trying to make a simple appeal form whose data gets posted to a SQL database. But when I submit, either nothing happens, or blank data gets submitted.

Here's my form:

<form class="form-horizontal" role="form" action="insert.php" method="post">
  <div class="form-group">

    <label for="user" class="col-sm-2 control-label">
      Username:
    </label>
    <div class="col-sm-10">
      <input type="text" class="form-control" name="user" id="user" placeholder="DiscordTag#0000" />
    </div>
  </div>
  <div class="form-group">

    <label for="date" class="col-sm-2 control-label">
      Date of ban:
    </label>
    <div class="col-sm-10">
      <input type="date" class="form-control" name="date" id="date" placeholder="mm/dd/yy" />
    </div>
  </div>
  <div class="form-group">

    <label for="admin" class="col-sm-2 control-label">
      Who banned you?
    </label>
    <div class="col-sm-10">
      <input type="text" class="form-control" name="admin" id="admin" />
    </div>
  </div>
  <div class="form-group">

    <label for="appeal" class="col-sm-2 control-label">
      Appeal:
    </label>
    <div class="col-sm-10">
      <textarea class="form-control" rows="4" name="appeal" id="appeal"></textarea>
    </div>
  </div>
  <div class="form-group">
    <div class="col-sm-offset-2 col-sm-10">

      <button type="submit" class="btn btn-default">
        Submit
      </button>
    </div>
  </div>
</form>

And here is my insert.php

<html>
<?
    error_reporting(E_ALL); 

    $db_host = 'redacted';
    $db_username = 'redacted';
    $db_password = 'redacted';
    $db_name = 'redacted';

    if( $_POST )
    {
        $conn = mysql_connect( $db_host, $db_username, $db_password);

        if (!$conn)
        {
            die('Could not connect: ' . mysql_error());
        } else {
            mysql_select_db("redacted");
        }

        $user = $_POST['user'];
        $date = $_POST['date'];
        $admin = $_POST['admin'];
        $appeal = $_POST['appeal'];

        $sql = 'INSERT INTO appeals' . '(user, date, admin, appeal)'
                .'VALUES ($user, $date, $admin, $appeal)';

        $retval = mysql_query( $sql, $conn );

        if(! $retval ) {
            die('Could not enter data: ' . mysql_error());
        }

        echo "<h2>Your appeal has been submitted.</h2>";

        mysql_close($conn);
    }
?>
</html>

How can I make it submit all of the form data directly into my SQL table?

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Phantom
  • 11
  • 1
  • 1
    Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in _meow_ code **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)**. It is deprecated and has been for years and is gone forever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Sep 05 '16 at 19:41
  • 2
    What did `mysql_error()` throw back, or did it ever make it there in the first place? – Funk Forty Niner Sep 05 '16 at 19:41
  • 2
    You haven't quoted your values. I'm surprised if you're not getting SQL errors. You also have zero real error handling and take no account of security issues (i.e. SQL injection in this case). – Jonnix Sep 05 '16 at 19:42
  • 1
    Throw it away, read the PDO manual, Start again http://php.net/manual/en/book.pdo.php – RiggsFolly Sep 05 '16 at 19:44
  • You can't have variables in single quotes, if you want them to be variables. `Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.`-http://php.net/manual/en/language.types.string.php – chris85 Sep 05 '16 at 19:44

1 Answer

0

Use "INSERT INTO appeals (user, date, admin, appeal) VALUES ('".$user."', '".$date."', '".$admin."', '".$appeal."')";

And sanitize, because you are asking for an SQL injection.

iliaz
  • 395
  • 2
  • 10
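
The same insert written with PDO bound parameters, the extension the comments point to, which removes both the quoting problem and the SQL injection risk the answer mentions. This is an added example, not code from the question or the answer; the `insert_appeal` helper, the in-memory SQLite demo database and the sample input are assumptions made so that it runs offline.

```php
<?php
declare(strict_types=1);

/**
 * Validate the four form fields and insert them with a prepared statement.
 * Returns a list of validation errors; an empty list means the row was stored.
 * (Hypothetical helper, not part of the original page.)
 */
function insert_appeal(PDO $pdo, array $post): array
{
    $row = [];
    $errors = [];
    foreach (['user', 'date', 'admin', 'appeal'] as $f) {
        // Missing or non-string input (e.g. user[]=x) is treated as empty.
        $v = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
        if ($v === '') {
            $errors[] = "$f is required";
        }
        $row[$f] = $v;
    }
    // <input type="date"> submits YYYY-MM-DD; reject anything else.
    $d = DateTime::createFromFormat('!Y-m-d', $row['date']);
    if ($row['date'] !== '' && (!$d || $d->format('Y-m-d') !== $row['date'])) {
        $errors[] = 'date must be YYYY-MM-DD';
    }
    if ($errors) {
        return $errors;
    }
    // Placeholders keep the submitted values out of the SQL text entirely,
    // so quotes in the input cannot change the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO appeals (user, date, admin, appeal)
         VALUES (:user, :date, :admin, :appeal)'
    );
    $stmt->execute($row);
    return [];
}

// Demo database: in-memory SQLite (assumption, so the example runs offline).
// For MySQL: new PDO('mysql:host=HOST;dbname=DB;charset=utf8mb4', USER, PASS)
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE appeals (user TEXT, date TEXT, admin TEXT, appeal TEXT)');

// Constructed input: the apostrophes would break a concatenated query.
$post = ['user' => 'Tag#0000', 'date' => '2016-09-05', 'admin' => "O'Neil",
         'appeal' => "I didn't do it; \"please\" unban me"];
var_dump(insert_appeal($pdo, $post));           // valid submission
var_dump(insert_appeal($pdo, ['user' => 'x'])); // rejected before any SQL runs
print_r($pdo->query('SELECT * FROM appeals')->fetchAll(PDO::FETCH_ASSOC));
```

In `insert.php` the call would be `insert_appeal($pdo, $_POST)`, and any stored value later shown in HTML should be passed through `htmlspecialchars()` at output time.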