Neither of those answers are correct, and when you correct the syntax you are laying yourself directly open to a mysql injection attack. You MUST make sure all the values are quoted in the SQL, AND that any quotes in the POSTed strings are escaped otherwise it is only going to be a short time before someone hacks the database and retrieves all the passwords (what they do is make the values they enter terminate your query and start one of their own if you don't robustly make it a string and nothing but a string in the query).
Also, please don't store the passwords in your database as plain text, that's just asking for trouble. Use the php function crypt and then when you validate the password use the same crypt function and compare the encrypted values. Use a known salt, which could be the username, or better, a separate column containing a randomly generated number as a salt - so you'd look up the username, retrieve the salt, pass it to crypt along with the password given and compare it with the encrypted password. (A different salt for each user means every password is encrypted differently so someone who gets hold of them can't compare with a known string). Alternatively, you could use the SQL function PASSWORD to encrypt the password both when entering and retrieving the user record for validation.
You also seem to be missing the u_id in your values. If it is auto generated, just omit the name form the list of fields (I'll assume that), but if not you must provide a value for it.
So, for first name etc, you need:
$firstN = mysql_escape_string($_POST['firstN']);
and similarly except for password, which might be
$salt = rand(100000, 999999); /* a six digit number */
$passw = mysql_escape_string(crypt($_POST['passw'], $salt));
/* and store salt as a column in the table as well for use in validation */
[Hmm: it seems Yahoo is missing some characters out when it displays this: DOLLAR UNDERSCORE POST SQBRACKET QUOTE variablename QUOTE CLOSESQBRACKET CLOSEPAREN SEMICOLON]
And for the query (note, no u_id, and note back ticks around field names - not vital in your case, but good practice, single quotes around each value, curly braces not vital but makes it clear what are PHP variables and what is plain text when substituting into a double-quoted PHP string).
$sql = "INSERT INTO `t_user`(`firstName`, ...) VALUES('{$firstN}', '{$lastN}', ... , '{$passw}')";
You could, of course, use '.' to concatenate the strings instead of embedding them in a double quoted string, or indeed use sprintf if that makes it clearer:
$sql = sprintf("INSERT INTO ... VALUES('%s','%s',...,'%s')", $firstN, ..., $passw);
Please don't think I'm just being cautious over the mysql injection attack: if you don't do it properly, it is only a matter of when not if!
Also, do set a database password and add a user other than root as the regular way of accessing it.