$db = JFactory::getDbo();
    $query = $db->getQuery(true);
    $columns = array('TIMESTAMP', 'USERIP', 'DOMAIN', 'ARTICLE','AUDIT','HTML');
 
    $values = array('NOW()', $db->quote(getRealIpAddr()), $db->quote($domain), $db->quote($article), $db->quote($audit), $db->quote($htmltext));
    $query
    ->insert($db->quoteName('#__dnstool'))
    ->columns($db->quoteName($columns))
    ->values(implode(',', $values));
 
    $db->setQuery($query);
    $db->execute();

$columns is an array of column names, $values is the corresponding array of values. Use $db→quote() to get rid of any reserved characters and prevent sql injection attacks