Abu Abu - 6 months ago 23
SQL Question

Unknown column?

Unknown column 'Abu' in 'field list'
So here is a little comment box I am working on
http://abu.cpvp.net/cupcakes.php
When I put in my name and comment it won't work, however if I put in name for the name field and comment for the comment field it works????
Here is my script

$name=$_POST['name'];
$comment=$_POST['comment'];
$submit=$_POST['post'];
if($_POST['name'] && $_POST['comment'] && $submit)
{
    // $name and $comment are placed into the SQL text without quotes
    $insert=mysql_query("INSERT INTO `comment` (`name`,`comment`)
    VALUES ($name,$comment) " ) or die(mysql_error());
}
else
{
    echo "please fill out all fields";
}

Answer

If the data type of the columns is string, then the values should be wrapped in single quotes, as they are string literals:

INSERT INTO comment (name,comment) VALUES ('$name','$comment')

As a sidenote, the query is vulnerable to SQL injection if the value(s) of the variables come from the outside. Please take a look at the article below to learn how to prevent it. By using prepared statements you can get rid of the single quotes around values.
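
The prepared-statement approach the answer mentions, as an added example that is not part of the original question or answer: values are bound to placeholders, so they are never parsed as column names or SQL, and a comment containing an apostrophe is stored intact. Assumptions: PDO is used instead of the `mysql_*` functions, an in-memory SQLite database stands in for MySQL so the script runs offline, and `add_comment` is a hypothetical helper name.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database;
// with MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comment (name TEXT NOT NULL, comment TEXT NOT NULL)');

/**
 * Store one comment (hypothetical helper).
 * Returns true on success, false if either field is missing or empty.
 */
function add_comment(PDO $pdo, ?string $name, ?string $comment): bool
{
    $name = trim((string) $name);
    $comment = trim((string) $comment);
    if ($name === '' || $comment === '') {
        return false;
    }
    // Placeholders keep the values out of the SQL text entirely, so no
    // quoting or escaping of $name and $comment is needed.
    $stmt = $pdo->prepare(
        'INSERT INTO comment (name, comment) VALUES (:name, :comment)'
    );
    $stmt->execute([':name' => $name, ':comment' => $comment]);
    return true;
}

// Constructed sample input standing in for $_POST.
$samples = [
    ['name' => 'Abu', 'comment' => 'Nice cupcakes'],
    // Apostrophes would end the string early in the '$name','$comment' form.
    ['name' => "O'Brien", 'comment' => "It's the best one, isn't it?"],
    // Empty field: rejected before any query is built.
    ['name' => 'Abu', 'comment' => ''],
];

foreach ($samples as $post) {
    if (!add_comment($pdo, $post['name'] ?? null, $post['comment'] ?? null)) {
        echo "please fill out all fields\n";
    }
}

// Read the rows back to confirm the values were stored unchanged.
foreach ($pdo->query('SELECT name, comment FROM comment') as $row) {
    echo $row['name'], ': ', $row['comment'], "\n";
}
```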