Abu Abu - 1 year ago 78
SQL Question

Unknown column?

Unknown column 'Abu' in 'field list'
So here is a little comment box I am working on
WHen I put in my name and comment it won't work, however if I put in name for name field and comment for comment field it works????
Here is my script

if($_POST['name'] && $_POST['comment'] && $submit)
$insert=mysql_query("INSERT INTO `comment (`name`,`comment`)
VALUES ($name,$comment) " ) or die(mysql_error());
echo "please fill out all fields";


if the data type of the columns are string, then the value should be wrapped with single quotes as they are string literals,

INSERT INTO comment (name,comment) VALUES ('$name','$comment')

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.