Abu - 1 year ago 86
SQL Question

# Unknown column?

Unknown column 'Abu' in 'field list'
So here is a little comment box I am working on
http://abu.cpvp.net/cupcakes.php
When I put in my name and comment it won't work, however if I put in name for name field and comment for comment field it works?
Here is my script

```php
$name = $_POST['name'];
$comment = $_POST['comment'];
$submit = $_POST['post'];
if ($_POST['name'] && $_POST['comment'] && $submit) {
    $insert = mysql_query("INSERT INTO comment (name,comment)
VALUES ($name,$comment) ") or die(mysql_error());
} else {
    echo "please fill out all fields";
}
```


```sql
INSERT INTO comment (name,comment) VALUES ('$name','$comment')
```

As a sidenote, the query is vulnerable to SQL injection if the value(s) of the variables come from the outside. Please take a look at the article below to learn how to prevent it. By using `PreparedStatements` you can get rid of using single quotes around values.
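
The three query forms discussed above, side by side, as an added example that is not part of the original question or answer. It assumes PHP 7.1+ with the `pdo_sqlite` extension and uses an in-memory SQLite table in place of the page's MySQL table, so the error text differs from MySQL's "Unknown column"; the sample inputs are constructed.

```php
<?php
// Added example. In-memory SQLite (pdo_sqlite) stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comment (name TEXT NOT NULL, comment TEXT NOT NULL)');

// Constructed sample input standing in for $_POST['name'] and $_POST['comment'].
$samples = [
    ['Abu', 'Yum'],
    ["O'Brien", "Can't wait to try them"],
];

// Run an interpolated query inside a transaction that is always rolled back,
// and report whether the database accepted or rejected the statement.
function tryRaw(PDO $pdo, string $sql): string
{
    $pdo->beginTransaction();
    try {
        $pdo->exec($sql);
        return 'accepted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    } finally {
        $pdo->rollBack();
    }
}

// Placeholders keep the SQL text fixed; values travel separately as data.
$insert = $pdo->prepare('INSERT INTO comment (name, comment) VALUES (:name, :comment)');

foreach ($samples as [$name, $comment]) {
    echo "input: $name / $comment\n";
    // Form from the question: values are parsed as column names.
    echo '  unquoted: ', tryRaw($pdo, "INSERT INTO comment (name,comment) VALUES ($name,$comment)"), "\n";
    // Form from the answer: works until a value contains a quote character.
    echo '  quoted:   ', tryRaw($pdo, "INSERT INTO comment (name,comment) VALUES ('$name','$comment')"), "\n";
    // Prepared statement: no quoting in the SQL, any value is stored verbatim.
    $insert->execute([':name' => $name, ':comment' => $comment]);
    echo "  prepared: stored\n";
}

foreach ($pdo->query('SELECT name, comment FROM comment') as $row) {
    echo $row['name'], ': ', $row['comment'], "\n";
}
```

The same `prepare`/`execute` calls work against MySQL through PDO's `mysql` driver; the `mysql_*` functions used in the question were removed in PHP 7.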