1. As Thaddeus answered, this will require a
form. In addition, this form will need a
method="POST" attribute.
2. The operation on the database will be an
INSERT, and the appropriate method to call that within PHP is
execute() and not
query()
3. To avoid risks of SQL Injection, your SQL command should not be a string concantenation. You should utilize parameters.
Please review the PHP information for this, which has samples
http://php.net/manual/en/pdo.prepared-statements.php[
^]