-3

May be it's almost 2 hours and I couldn't find the fault of my code.

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 3

$sql="INSERT INTO information ( Username, Email, Password, Name, Phone, Street, 
City, Country, Website, Gender, Day, Month, Year, Hometown, Accept )
VALUES
('$_POST[user]','$_POST[email]','$_POST[pass]','$_POST[first]','$_POST[phone]',
'$_POST[street]','$_POST[city]','$_POST[country]','$_POST[url]', '$_POST[sex]',
'$_POST[day]','$_POST[month]','$_POST[year]','$_POST[home]','$_POST[accept]'";
Shahriar Kabir
  • 274
  • 1
  • 9
  • 26
  • 4
    "What's wrong with my mysql code?" - firstly, it's vulnerable to [Little Bobby Tables.](http://xkcd.com/327/) –  Dec 20 '12 at 22:10
  • You probably need to escape all your form values. – Mike Christensen Dec 20 '12 at 22:10
  • Probably one of your values has a single apostrophe in it. This is yet another reason to use parametrized queries. The primary reason is that you are leaving yourself open to SQL injection. Please take a look at http://bobby-tables.com/php.html for examples of the right way to do queries in PHP. – Andy Lester Dec 20 '12 at 22:10
  • 3
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – Kermit Dec 20 '12 at 22:11
  • 2
    Your code is vulnerable to SQL Injection. Consider scrapping it entirely and replacing it with the techniques suggested here: http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection – Robert Harvey Dec 20 '12 at 22:11

3 Answers3

7

looks like you forgot the ending parenthesis ')'

Randy
  • 16,480
  • 1
  • 37
  • 55
2

It looks like your forgot to close your parenthesis. Also please sanitize your input, that is a terrible concept you're using

Sterling Archer
  • 22,070
  • 18
  • 81
  • 118
2

Missing the closing parenthesis on the VALUES clause...and use prepared statements.

tvanfosson
  • 524,688
  • 99
  • 697
  • 795