
How to debug an error in SQL syntax?

I'm new to SQL/PHP and I can't get over an error message:

"You have an error in your SQL syntax; 
check the manual that corresponds to your MySQL server version 
for the right syntax to use near '1',"

I'm trying to debug this error, but when I look for '1' in my script I only have this bit:

//enter information into table
$sql = "INSERT INTO $_SESSION[table_name] VALUES 
        ('$_POST[first_name]', '$_POST[last_name]', '$_POST[user_name]', 
           password('$_POST[password]'), 'Administrators', '', '', '0', '$_SESSION[admin_email]',
          '$_POST[redirect_to]', '1', '$date')";

$result = @mysql_query($sql,$connection) or die(mysql_error());

if($result)
{...
  1. I don't find any problem with this.

  2. I don't know how to debug this. How should I proceed to find the error? Any clues?

I'm not sure I'm looking at the script in the right place, but this is the only entry where I have '1', which the error message tells me to look at...

The syntax in SQL seems to be correct after checking the manual... I'm using MySQL 5.5.24 in WAMP server.

I'm trying to install "Login-Redirect v1.31" for user authentication.

If anyone can help me I'd really appreciate it!

asked Sep 15 '25 15:09

Francisco


1 Answer

STOP

Before you go any farther with this code, read up about SQL injection attacks, and FIX YOUR CODE.

Your syntax error is almost certainly caused by an injection fault, undoubtedly from an extra ' somewhere in the data you're inserting into your query. You are passing in raw user-supplied data into the query, allowing a malicious user to take over your server, destroy your database, kick your dog, etc...

Beyond this, do an echo $sql and paste the results here, we'll be able to show you exactly where the bad ' is.

answered Sep 17 '25 05:09

Marc B
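
The stray-quote failure and its fix, as an added example that is not part of the answer above or of the Login-Redirect script. It assumes PHP with PDO and an in-memory SQLite database so it runs without a MySQL server; the `users` table, its columns and the sample input are constructed for illustration.

```php
<?php
// Constructed input standing in for $_POST; the apostrophe is the interesting part.
$post = ['first_name' => 'Conan', 'last_name' => "O'Brien", 'user_name' => 'cobrien'];

// Assumption: an in-memory SQLite table named "users" replaces the script's MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (first_name TEXT, last_name TEXT, user_name TEXT, active TEXT)');

// 1) The question's pattern: request values spliced into the SQL text.
$sql = "INSERT INTO users VALUES ('{$post['first_name']}', '{$post['last_name']}', "
     . "'{$post['user_name']}', '1')";

// The debugging step from the answer: print the finished statement and read it.
echo $sql, PHP_EOL;

try {
    $pdo->exec($sql);
} catch (PDOException $e) {
    // The quote inside O'Brien closed the string literal early.
    echo 'Concatenated query rejected: ', $e->getMessage(), PHP_EOL;
}

// 2) A table name cannot be a bound parameter, so check it against a fixed list.
$table = 'users'; // stands in for $_SESSION['table_name']
if (!in_array($table, ['users'], true)) {
    throw new RuntimeException('Unexpected table name');
}

// 3) Placeholders keep the data out of the SQL text entirely.
$stmt = $pdo->prepare(
    "INSERT INTO $table (first_name, last_name, user_name, active)
     VALUES (:first_name, :last_name, :user_name, '1')"
);
$stmt->execute([
    ':first_name' => $post['first_name'],
    ':last_name'  => $post['last_name'],
    ':user_name'  => $post['user_name'],
]);

// The apostrophe is stored as data instead of being parsed as SQL.
echo 'Stored last name: ', $pdo->query('SELECT last_name FROM users')->fetchColumn(), PHP_EOL;
```

The same `prepare`/`execute` calls work against MySQL by changing the PDO connection string; password storage is left out here and would use PHP's `password_hash()` rather than a value built into the SQL.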