In HTML change as follows

<input type="text" name="pval[name]" value="test" />
<input type="city" name="pval[city]" value="Bangalore" />

Then in the server side

Updated :

// Need to have the predefined array which is having valid fields
$fields = array('name', 'city');

$pval = $_POST['pval'];
foreach( $pval as $field_name => $val ){

   if( ! isset($fields[$field_name]) ){ // If it is not a valid field name

      unset($pval[$field_name]);
   }

}

if( count($pval) > 0 ){

$pval = array_map( 'mysql_real_escape_string', $pval );

//Then its easy to write the query as follows

    $qry = "INSERT INTO table_name( ". implode( ',', array_keys( $pval ) ) .") values( '". implode( "','", $pval ) . "')";  
}