The data that your’re grabbing from the $_POST needs to be sanitized and then a prepared statement used for the insertion otherwise you leave yourself wide open to SQL Injection Attack
Isn’t the “insert” query going to create a new row for each data item, rather than placing them in individual columns in the same row? I may be misunderstanding the question, though.