SQL fejl i query

Når jeg prøver at opdatere en felt/felter får jeg denne fejl meddelelse

Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'by=Br�nsh�j, navn=Knud, postnummer=2700, tlf=12345678 WHERE id =12' at line 1

Min index side ser sådan her ud

<body>

<?php
require_once('db.php');
require_once('Underviser.php');



$underviser = Underviser::find_all();

?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<?php
foreach($underviser as $us)
{
echo "
<tr>
<td width='100'>Undervisere ID</td>
<td><input name='id' type='text' value=". $us->id ." id='id' readonly></td>
</tr>
<tr> <td width='100'>Navn</td>
<td><input name='navn' type='text' value=". $us->navn . " id='navn'></td>
</tr>
<tr>
<td width='100'>Adresse</td>
<td><input name='adresse' type='text' value=". $us->adresse. " id='adresse'></td>
</tr>
<tr>
<td width='100'>By</td>
<td><input name='by' type='text' value=". $us->by. " id='by'></td>
</tr>
<tr>
<td width='100'>Telefon</td>
<td><input name='tlf' type='text' value=". $us->tlf. " id='tlf'></td>
</tr>
<tr>
<td width='100'>Postnummer</td>
<td><input name='postnummer' type='text' value=". $us->postnummer . " id='postnummer'></td>
</tr>
<tr>
<td width='100'> </td>
<td>
<input name='update' type='submit' id='update' value='Update'>
</td>
</tr>";
}
if(isset($_POST['update']))
{
    $id = $_POST['id'];
    $navn = $_POST['navn'];
    $adresse = $_POST['adresse'];
    $by = $_POST['by'];
    $tlf = $_POST['tlf'];
    $postnummer = $_POST['postnummer'];
   
$database->query("UPDATE undervisere SET adresse=$adresse, by=$by, navn=$navn, postnummer=$postnummer, tlf=$tlf WHERE id =$id");
   
}


?>

db.php

public function query($sql) {
        $this->last_query = $sql;
        $result = mysql_query($sql, $this->connection);
        $this->confirm_query($result);
        return $result;
    }

nogle der ved hvor problemet ligger?