The error comes from the lack of a closing quote on your MySQL query:
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email') or die(mysql_error());
It should be:
mysql_query("INSERT contacts SET first_name='$first_name', last_name='$last_name',email ='$email'") or die(mysql_error());
Also you ask:
Also I have another question: Whats the easiest way to make this page secure? So only users who are authenticated through the login page can add a record?
If you are using Apache then you should you use Apache AuthType Basic
. More details are here. Details under “Getting it working.”