[SOLVED] Error MYSQL insert into table

[$username]

Here is an error I am getting with this code. Any Ideas why?

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'type1', '123123', 'Size1')' at line 1

 

<?php
} else {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$org_name = $_POST['org_name'];
$st_address = $_POST['st_address'];
$city_name = $_POST['city_name'];
$state_name = $_POST['state_name'];
$postal = $_POST['postal'];
$country = $_POST['country'];
$email_address = $_POST['email_address'];
$work_phone = $_POST['work_phone'];
$fax_number = $_POST['fax_number'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$type_t = $_POST['type_t'];
$size_t = $_POST['size_t'];
$amount_t = $_POST['amount_t'];


mysql_query("INSERT INTO `bbsew_email_list` (fname, lname, org_name, st_address, city_name, state_name, postal, country, email_address, work_phone, fax_number, subject, message, type, amount, size) VALUES ('$fname', '$lname', '$org_name', '$st_address', '$city_name', '$state_name', '$postal', '$country', '$email_address', '$work_phone', '$fax_number', '$subject', $message', '$type_t', '$amount_t', '$size_t')") or die(mysql_error());
echo "Your Info Has Been Added ";

}

[pocobueno1388]

Use mysql_real_escape_string() on all your variables.

[$username]

I found it.

  It was a miss quote  $message',

 

This fixed it.

 

Brett

[wildteen88]

You should still look in to using mysql_real_escape_string as pocobueno1388 suggested. Your code is prone to SQL Injection attacks, without it.