You are missing colons on your list of values.
Change this:
$sql = "INSERT INTO review (firstname, lastname, email, title, brief) values(firstname,lastname,email,title,brief)";
to:
$sql = "INSERT INTO review (firstname, lastname, email, title, brief) values(:firstname,:lastname,:email,:title,:brief)";