Check your database table fields. There is exactly the same number of fields in DB table as in your SQL command? However, without an exact error message it is just a wild guess.
And heed the other responders hints about the USING and the SQL injection problems, it maybe lead to serious problems.
EDIT:
If you define the command like this:
insert into tbl_user (field1, field2, field3) values (@param1, @param2, @param3);
then:
* code isn't crash when you add more fields to tbl_user table,
* you not forced to add all the unnecesary parameters to this command.