Abu Abu - 1 year ago 94
SQL Question

Unknown column?

Unknown column 'Abu' in 'field list'
So here is a little comment box I am working on
WHen I put in my name and comment it won't work, however if I put in name for name field and comment for comment field it works????
Here is my script

if($_POST['name'] && $_POST['comment'] && $submit)
$insert=mysql_query("INSERT INTO `comment (`name`,`comment`)
VALUES ($name,$comment) " ) or die(mysql_error());
echo "please fill out all fields";

Answer Source

if the data type of the columns are string, then the value should be wrapped with single quotes as they are string literals,

INSERT INTO comment (name,comment) VALUES ('$name','$comment')

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.