Hi there,
After running through your post, I believe the problem is more or less related to the SQL query.
The parameters of a form will be available in string format when you use the POST option. I've noticed that your SQL statement encloses the values in single quotes.
When you echo the SQL statement, you would probably be getting a statement like values(xyz,1,ten), whereas it should be values('xyz',1,'ten'). Notice the quotes.
Kindly try it and let me know.
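The quoting difference described in the reply above, as an added example that is not part of the original post. It uses Python's sqlite3 as a stand-in database; the `items` table, its columns and the form values are assumptions made for illustration. It also goes one step further than the reply by showing bound parameters, which keep working when a value itself contains a single quote.

```python
import sqlite3

# Constructed sample: form fields arrive as strings, as with a POST request.
FORM = {"name": "xyz", "qty": "1", "label": "ten"}


def new_db():
    """In-memory database with a hypothetical three-column table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT, qty INTEGER, label TEXT)")
    return db


def try_run(db, sql, params=()):
    """Execute one statement and report 'ok' or the database error."""
    try:
        db.execute(sql, params)
        return "ok"
    except sqlite3.Error as exc:
        return "error: %s" % exc


def insert_unquoted(db, form):
    # Produces VALUES (xyz,1,ten): xyz and ten are parsed as column names.
    sql = "INSERT INTO items VALUES (%s,%s,%s)" % (
        form["name"], form["qty"], form["label"])
    return try_run(db, sql)


def insert_hand_quoted(db, form):
    # Produces VALUES ('xyz',1,'ten'): valid until a value contains a quote.
    sql = "INSERT INTO items VALUES ('%s',%s,'%s')" % (
        form["name"], form["qty"], form["label"])
    return try_run(db, sql)


def insert_bound(db, form):
    # Placeholders: the driver passes the values separately from the SQL text.
    return try_run(db, "INSERT INTO items VALUES (?,?,?)",
                   (form["name"], int(form["qty"]), form["label"]))


if __name__ == "__main__":
    db = new_db()
    tricky = dict(FORM, name="O'Brien")  # constructed value with a quote
    print("unquoted:    ", insert_unquoted(db, FORM))
    print("hand-quoted: ", insert_hand_quoted(db, FORM))
    print("hand-quoted':", insert_hand_quoted(db, tricky))
    print("bound':      ", insert_bound(db, tricky))
```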