SQL syntax; .... for the right syntax to use near ') VALUES ( )' at line 1

Question

I get his error when trying to open a form.

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES ( )' at line 1

Here is the file

<?php
 $con = mysql_connect("localhost","*********","**************");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("**********", $con);


    $sql = "INSERT INTO pc_owner (pcname,pcphone,pccellphone,pcworkphone,pcmake,pcemail,pcaddress,pcaddress2,pcstate,pccity,pczip,pcram,pcproc,pchd,pcserial,pcextra,pcgroupid,custsourceid,prefcontact,pcnotes,)
VALUES (
$_POST[pcname]
$_POST[pcaddress]
$_POST[pcaddress2]
$_POST[pcstate]
$_POST[pccity]
$_POST[pczip]
$_POST[pccellphone] 
$_POST[pcphone]
$_POST[pcworkphone]
$_POST[pcemail]
$_POST[pcmake]
$_POST[pcram]
$_POST[pcproc]
$_POST[pchd]
$_POST[pcserial]
$_POST[pcextra]
$_POST[pcgroupid]
$_POST[prefcontact]
$_POST[pcnotes]
$_POST[custsourceid])";
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    $last_insert_pcid = mysql_insert_id();

    $sql = "INSERT INTO pc_wo (pcid, probdesc, virusesfound, custnotes, technotes, dropdate, pickupdate, readydate, pcstatus, called, thepass, custassets, bench, workarea, pcpriority, cityuser, cobyuser, commonproblems, storeid, thesig, assigneduser) VALUES ('$last_insert_pcid','NULL','$_POST[woid]','$_POST[pcid]','$_POST[probdesc]','$_POST[virusesfound]','$_POST[custnotes]','$_POST[technotes]','$_POST[dropdate]','$_POST[pickupdate]','$_POST[readydate]','$_POST[pcstatus]','$_POST[pcstatus]','$_POST[called]','$_POST[thepass]','$_POST[custassets]','$_POST[bench]','$_POST[workarea]','$_POST[pcpriority]','$_POST[cibyuser]','$_POST[cobyuser]','$_POST[commonproblems]','$_POST[storeid]','$_POST[thesig]','$_POST[assigneduser]')";
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    $last_insert_woid = mysql_insert_id();

    $result = mysql_query("SELECT * FROM pc_owner WHERE pcid='$last_insert_pcid'");

    $result1 = mysql_query("SELECT * FROM pc_wo WHERE woid='$last_insert_woid'");
    echo "<table border='1'>
    <tr>
    <th>Computer id</th>
    <th>Name</th>
    <th>Phone Number</th>
    <th>Mobile</th>
    <th>Work</th>
    <th>Email</th>
    <th>Address</th>
    <th>Second Line</th>
    <th>State</th>
    <th>City</th>
    <th>Postal Code</th>
    <th>WorkOrder Id</th>
    <th>PC Id</th>
    <th>Pc make</th>
    <th>probdes</th>
    <th>virusesfound</th>
    <th>Ram</th>
    <th>pcprod</th>
    <th>HDD</th>
    <th>Pc Serial No</th>
    <th>Pc Extra</th>
    <th>Pc Note</th>
    <th>custnotes</th>
    <th>technotes</th>
    <th>dropdate</th>
    <th>pickupdate</th>
    <th>readydate</th>
    <th>pcstatus</th>
    <th>called</th>
    <th>thepass</th>
    <th>custassets</th>
    <th>bench</th>
    <th>workarea</th>
    <th>pcpriorty</th>
    <th>Checked in by</th>
    <th>Checked out by</th>
    <th>Common Problems</th>
    <th>Store Id</th>
    <th>Assigned User</th>
    </tr>";
    while($row = mysql_fetch_array($result))
    {
    echo "<tr>";
    echo "<td>" . $row['pcid'] . "</td>";
    echo "<td>" . $row['pcname'] . "</td>";
    echo "<td>" . $row['pcphone'] . "</td>";
    echo "<td>" .$row['pccellphone'] . "</td>";
    echo "<td>" .$row['pcworkphone'] . "</td>";
    echo "<td>" .$row['pcemail'] . "</td>";
    echo "<td>" .$row['pcaddress'] . "</td>";
    echo "<td>" .$row['pcaddress2'] . "</td>";
    echo "<td>" .$row['pcstate'] . "</td>";
    echo "<td>" .$row['pccity'] . "</td>";
    echo "<td>" .$row['pczip'] . "</td>";
    }
    //considering these are the values returned by 1st query (ie., table client)
    while($row = mysql_fetch_array($result1)) {

    echo "<td>" .$row['woid'] . "</td>";
    echo "<td>" .$row['pcid'] . "</td>";
    echo "<td>" .$row['pcmake'] . "</td>";
    echo "<td>" .$row['pcprobdesc'] . "</td>";
    echo "<td>" .$row['virusesfound'] . "</td>";
    echo "<td>" .$row['pcram'] . "</td>";
    echo "<td>" .$row['pcproc'] . "</td>";
    echo "<td>" .$row['pchd'] . "</td>";
    echo "<td>" .$row['pcserial'] . "</td>";
    echo "<td>" .$row['pcextra'] . "</td>";
    echo "<td>" .$row['pcnotes'] . "</td>";
    echo "<td>" .$row['custnotes'] . "</td>";
    echo "<td>" .$row['technotes'] . "</td>";
    echo "<td>" .$row['dropdate'] . "</td>";
    echo "<td>" .$row['pickupdate'] . "</td>";
    echo "<td>" .$row['readydate'] . "</td>";
    echo "<td>" .$row['pcstatus'] . "</td>";
    echo "<td>" .$row['called'] . "</td>";
    echo "<td>" .$row['thepass'] . "</td>";
    echo "<td>" .$row['custassets'] . "</td>";
    echo "<td>" .$row['bench'] . "</td>";
    echo "<td>" .$row['workarea'] . "</td>";
    echo "<td>" .$row['pcpriority'] . "</td>";
    echo "<td>" .$row['cibyuser'] . "</td>";
    echo "<td>" .$row['cobyuser'] . "</td>";
    echo "<td>" .$row['commonproblems'] . "</td>";
    echo "<td>" .$row['storeid'] . "</td>";
    echo "<td>" .$row['thesig'] . "</td>";
    echo "<td>" .$row['assigneduser'] . "</td>";
    echo "</tr>";
    }
    echo "</table>";
    echo "woid is complete";
    print "Thank you for booking with us and your Repair ID number is ".$last_insert_woid;
    mysql_close($con);
    ?>

Any ideas why its happening?

Answer 1

remove the comma

... prefcontact,pcnotes,) VALUES ...
                       ^----------here

And you need commas to seperate your values.

And you should never use your input data to put it in your DB without escaping it.

See how to prevent SQL injections

Answer 2

3 things, remove the extra comma from here $sql = "INSERT INTO pc_owner (pcname,pcphone,pccellphone,pcworkphone,pcmake,pcemail,pcaddress,pcaddress2,pcstate,pccity,pczip,pcram,pcproc,pchd,pcserial,pcextra,pcgroupid,custsourceid,prefcontact,pcnotes,)

and you need to surround the values with quotes ', followed by commas, like VALUES ('$_POST[pcname]','$_POST[pcaddress]', ....)";