I'm working from the W3Schools tutorial for MySQL and it seems either some of the code is outdated or I'm just missing something utterly stupid. In trying to pass on information to a database, I get this error:
Error: Unknown column 'd' in 'field list'
I'm attempting to pass info on from a form submission that then links to this page, where it grabs the info the user enters to create a new entry into the database.
Here is the code for the form submission.
<html>
<body>
<form action="3ainsert.php" method="post">
Firstname: <input type="text" name="firstname">
Lastname: <input type="text" name="lastname">
Age: <input type="text" name="age">
<input type="submit">
</form>
</body>
</html>
Here is the code for the other page:
<?php
$con=mysqli_connect();
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);
$sql="INSERT INTO persons (FirstName, LastName, Age)
VALUES ($firstname, $lastname, $age)";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
Your query isn't encasing the values in quotes:
$sql="INSERT INTO persons (FirstName, LastName, Age)
VALUES ('$firstname', '$lastname', '$age')";
However please note that generally using prepared statements is preferred over directly inserting into a query.
Related
I'm trying to add revived form input into database.
<form action="index.php" method="post">
<input type="text" name="firstname" id="firstname">
<br>
<input type="text" name="lastname" id="lastname">
<br>
<input type="submit" name="submit" value="Submit">
if(isset($_POST['submit'])) {
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$query = "INSERT INTO users (firstname, lastname) VALUES ($firstname, $lastname)";
if($conn->query($query) === true) {
echo "added";
}else {
echo $con->error;
}
Example : Firstname = Jason / Lastname = Haw
After clicking on submit button, i see error message : Unknown column 'Jason' in 'field list'
Where is the wrong thing to do?
$query = "INSERT INTO users (firstname, lastname) VALUES ('$firstname', '$lastname')";
put single quote for $firstname.
but this is not a proper approach, you should use prepared statement.
your query is risk of sql injection, because no escaping the input.
So I'm trying to allow a form to add data to a mySQL table. I have this form
<form name="addBook" action="addBook.php" method="post" >
ISBN: <input type="text" name="isbn"><br />
Name: <input type="text" name="name"><br />
Edition: <input type="text" name="edition"><br />
Author: <input type="text" name="author"><br />
Class: <input type="text" name="class"><br />
Department: <input type="text" name="department"><br />
Condition: <input type="text" name="condition"><br /><br />
<input type="submit" value="Add Book">
</form>
Where addBook.php is...
<?php
$con=mysqli_connect("cclloyd.com","cclloyd","","Inventory");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$isbn = mysqli_real_escape_string($con, $_POST['isbn']);
$name = mysqli_real_escape_string($con, $_POST['name']);
$edition = mysqli_real_escape_string($con, $_POST['edition']);
$author = mysqli_real_escape_string($con, $_POST['author']);
$class = mysqli_real_escape_string($con, $_POST['class']);
$department = mysqli_real_escape_string($con, $_POST['department']);
$condition = mysqli_real_escape_string($con, $_POST['condition']);
$sql="INSERT INTO Books (isbn, name, edition, author, class, department, condition)
VALUES ('$isbn', '$name', '$edition', '$author', '$class', '$department', '$condition')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
header('Location: http://umassd.cclloyd.com/bookadded.php' ) ;
?>
And when I executed it, I get this error.
"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'condition) VALUES ('l', 'lk', 'l', 'k', 'j', 'h', 'h')' at line 1"
Where those were just random things I put in to fill the form. Where is the error? I looked online a lot and they all say to enter it like I have it.
condition is reserved word for Mysql. Check the reserved words here
Put the word in quotes.
Please use this
$sql="INSERT INTO Books (`isbn`, `name`, `edition`, `author`, `class`, `department`, `condition`)
VALUES ('$isbn', '$name', '$edition', '$author', '$class', '$department', '$condition')";
I am inserting data in my WAMP database from user input:
PHP
<?php
$con=mysqli_connect("127.0.0.1","beni","2155","visitbulgaria");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$forename = mysqli_real_escape_string($con,$_POST['Forename']);
$surname = mysqli_real_escape_string($con,$_POST['Surname']);
$email = mysqli_real_escape_string($con,$_POST['Email']);
$username = mysqli_real_escape_string ($con,$_POST['Username']);
$password = mysqli_real_escape_string ($con,$_POST['Password']);
$sql="INSERT INTO `customer`(`Forename`, `Surname`, `Email`, `Username`, `Password`)
VALUES ('$forename', '$surname', '$email', '$username', '$password')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
HTML
<html>
<body>
<form action="insert.php" method="post">
Firstname: <input type="text" name="Forename">
Lastname: <input type="text" name="Surname">
Email: <input type="text" name="Email">
username: <input type="text" name="Username">
pass: <input type="text" name="Password">
<input type="submit">
</form>
</body>
</html>
whah happens here is that on submit it does work but when I look at the database in phpMyAdmin it has only added the first three record (forename, surname and email and then the username and password field are left blank, and I have no idea how to fix that and why it is doing it.
I want to write from my form to my database. I'm confused because this resembles the scripts from tutorials and there it works.
Form (w3schools example) extract:
<form action="insert.php" method="post">
Firstname: <input type="text" name="firstname">
Lastname: <input type="text" name="lastname">
Age: <input type="text" name="age">
<input type="submit">
</form>
php:
<?php
$con=mysqli_connect("localhost","XXX","AAA","databasename");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$firstname = mysqli_real_escape_string($_POST['firstname']);
$lastname = mysqli_real_escape_string($_POST['lastname']);
$age = mysqli_real_escape_string($_POST['age']);
$sql="INSERT INTO test (firstname, lastname, age)
VALUES ('$firstname', '$lastname', '$age')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
This adds a new row to my database with each submission. The problem: this added row is empty, except for the age column which is always 0, regardless of what I submit.
Where is my mistake?
Refer to php document you must give two values to mysqli_real_escape_string.
try this:
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);
I am trying to make an incredibly basic form that adds First name, last name, and age to a very basic database called Test. Here is my HTML code:
<html>
<head>
</head>
<body>
<h1>Welcome!</h1>
<br>
<form action="insert.php" method="post">
Firstname: <input type="text" name="firstname">
Lastname: <input type="text" name="lastname">
Age: <input type="text" name="age">
<input type="submit">
</form>
<input type="submit">
</form>
</body>
</body>
</html>
And this is my PHP code, with the DB name, host, and login info hidden:
<?php
$con=mysqli_connect("HOST","USER","PASS","DB");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql= "INSERT INTO Test ('First Name', 'Last Name', 'Age')
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
This is my error when I type data in to the form and submit it. I am directed to this page:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''First Name', 'Last Name', 'Age') VALUES ('Robert','Maxwell','18')' at line 1
Change
$sql= "INSERT INTO Test ('First Name', 'Last Name', 'Age')
for
$sql= "INSERT INTO Test (`First Name`, `Last Name`, `Age`)
;-)
Your query is incorrect, you wont have spaces in your column tables - they must be camel case (FirstName) or underscore (first_name)
$sql= "INSERT INTO Test (`First_Name`, `Last_Name`, `Age`)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";
or
$sql= "INSERT INTO Test (`FirstName`, `LastName`, `Age`)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";
NB: Do NOT use in production, your queries are exposed. Look into protecting your queries against SQL injection.