PHP wont update/insert

So here is my code, have no ide why its not working have been looking at it for hours, points to anyone who can figure it out. The variables are passed 开发者_Python百科fine, and server connection made. The error message the browser gives is,

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'username'', 'Saturday 20th of August 2011 02:02:22 PM', 'first', 'last', 'ssn' at line 2

i replaced the variable data back with the variable name so you can get an idea, so where is says first, the browser actually shows the first name i entered.

Thanks!

$HTTP_COOKIE_VARS['username'] = $username;
$email = $_REQUEST['email'];
 $Todaysdate = date('l jS \of F Y h:i:s A');
 $firstname = $_REQUEST['firstname'];
 $lastname = $_REQUEST['lastname'];
 $ssn = $_REQUEST['ssn'];  
 $street = $_REQUEST['street']; 
 $city = $_REQUEST['city'];
 $zip = $_REQUEST['zip'];
 $phone1 = $_REQUEST['phone1'];
 $phone2 = $_REQUEST['phone2']; 
 $hdhas = $_REQUEST['hdhas'];
 $mi= $_REQUEST['mi'];





 $query = ("INSERT INTO Members (username, email, todaysdate, firstname, lastname, ssn,       street, city, zip, phone1, phone2, hdhas, mi)
 VALUES('$username','$email', '$Todaysdate', '$firstname', '$lastname', '$ssn', '$street', '$city', '$zip', '$phone1', '$phone2', '$hdhas', '$mi')");



 $checkuser = mysql_query("SELECT username FROM Members WHERE username='$username'"); 


 if(mysql_num_rows($checkuser)>0)
{
 mysql_query("UPDATE Members SET email='$email', username='$username', todaysdate='$Todaysdate', firstname='$firstname', lastname='$lastname', ssn='$ssn',  street='$street', city='$city', zip='$zip', phone1='$phone1', phone2='$phone2',  hdhas='$hdhas', mi='$mi' WHERE username = '$username'");
 } 

else {
mysql_query($query);
}

mysql_query($query) or die(mysql_error());
mysql_close();

---

Username is probably username'. Try to add mysql_real_escape_string() around your variables and read about SQL Injection