I am unable to insert data. The error is:
Error: Unknown column '' in 'field list'
It is simpy an HTML form page and data is taken by the user to insert in a database dB.
Help is truly required. I am unable to get the error things. I am a newbie.
<?php
$con=mysqli_connect("localhost", "root", "root","dB");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$enrollno=$_POST['enrollno'];
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$fathername=$_POST['fathername'];
$coursename=$_POST['coursename'];
$yearsem=$_POST['yearsem'];
$facultyno=$_POST['facultyno'];
$hostel=$_POST['hostel'];
$roomno=$_POST['roomno'];
$email=$_POST['email'];
$mobileno=$_POST['mobileno'];
$peradd=$_POST['peradd'];
$district=$_POST['district'];
$state=$_POST['state'];
$amount=$_POST['amount'];
$pwd=$_POST['pwd'];
$tnc=$_POST['tnc'];
$sql="INSERT INTO registration (enrollno, fname, lname, fathername, coursename, yearsem, facultyno, hostel, roomno, email, mobileno, peradd, district, state, amount, pwd, tnc) VALUES ('$enrollno',`$fname`,`$lname`,`$fathername`,`$coursename`,`$yearsem`,`$facultyno`,`$hostel`,`$roomno`,`$email`,`$mobileno`,`$peradd`,`$district`,`$state`,`$amount`,`$pwd`,'$tnc')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
You are using backticks[used for columns] for variables. Make use of single quotes. Try the below code
$sql="INSERT INTO registration (enrollno, fname, lname, fathername, coursename, yearsem, facultyno, hostel, roomno, email, mobileno, peradd, district, state, amount, pwd, tnc) VALUES ('$enrollno','$fname','$lname','$fathername','$coursename','$yearsem','$facultyno','$hostel','$roomno','$email','$mobileno','$peradd','$district','$state','$amount','$pwd','$tnc')";
The values in the INSERT INTO query must be enclosed with single quotes ' not backticks and not a mixture of both. Backticks can only be used on the field and table name.
$sql="INSERT INTO registration (enrollno, fname, lname, fathername, coursename, yearsem, facultyno, hostel, roomno, email, mobileno, peradd, district, state, amount, pwd, tnc) VALUES ('$enrollno','$fname','$lname','$fathername','$coursename','$yearsem','$facultyno','$hostel','$roomno','$email','$mobileno','$peradd','$district','$state','$amount','$pwd','$tnc')";
Side note: your code is vulnerable to SQL Injection. Consider using a Prepared Statement with bound parameters instead of concatenating user input into the query.
Related
i'm trying to input a form into my database, but there are two different errors showing
"Error: INSERT INTO movie (firstname, surname, phonenumber, email, movie, session, day) values(jon, doe, johndoe#icloud.com, 123456789, halloween, afternoon, tuesday)You have an error in your SQL syntax;
check the manual that corresponds to your MariaDB server version for the right syntax to use near '#icloud.com, 123456789, halloween, afternoon, tuesday)' at line 3"
i tried removin the "#" sign but instead this came up:
"Error: INSERT INTO movie (firstname, surname, phonenumber, email,
movie, session, day) values(jon, doe, johndoeicloud.com, 123456789,
halloween, afternoon, tuesday)Unknown column 'jon' in 'field list'"
This is my code
if (!empty($firstname) || !empty($surname) || !empty($email) || !empty($phonenumber) || !empty($Localmovie) || !empty($session) || !empty($day)) {
$host = "localhost";
$dbUsername= "root";
$dbPassword="";
$dbName="tickets";
//create connection
$conn= new mysqli($host, $dbUsername, $dbPassword, $dbName);
if (mysqli_connect_error()) {
die('Connect
Error('.mysqli_connect_errno().')'.mysqli_connect_error());
}else{
//$sql = "INSERT INTO tutorials_inf(name)VALUES ('".$_POST["name"]."')";
$sql= "INSERT INTO movie
(firstname, surname, phonenumber, email, movie, session, day)
values($firstname, $surname, $email,
$phonenumber, $Localmovie, $session, $day)";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "" . mysqli_error($conn);
}
$conn->close();
im using phpmyadmin through xampp on macOS Mojave
Add single quotes to your value for string representation and also properly re-arrange the values based on your columns(You miss-places phonenumber and email column-value sequence)
$sql= "INSERT INTO movie (firstname, surname, phonenumber, email, movie, session, day) values($firstname, $surname, $email, $phonenumber, $Localmovie, $session, $day)";
To
$sql= "INSERT INTO movie (firstname, surname, phonenumber, email, movie, session, day) values('$firstname', '$surname', '$phonenumber', '$email','$Localmovie', '$session', '$day')";
The date and string values should be enclosed in single quotes.
The numeric values do not need to be enclosed in quotes.
I have multiple SQL databases and I need to insert data into one of them. I am not sure how to select the database.
The following code was working when I only had 1 database, but now that there are multiple databases, this code no longer works.
$sql = "INSERT INTO users (username, first_name, last_name, email,
password, hash, avatar) "
. "VALUES
('$username','$first_name','$last_name','$email','$password', '$hash',
'$avatar')";
I want to write the above data into a table in a specific database.
You can set it while connection or just:
$sql = "INSERT INTO databasename.users (username, first_name, last_name, email, password, hash, avatar) "
. "VALUES ('$username','$first_name','$last_name','$email','$password', '$hash', '$avatar')";
Either of these might work
Use 'DBName.users' in the query instead of 'users'.
Execute the query 'use DBName;' before the insert query.
Looks like I'm connecting to the server just fine. The problem seems to happen when it runs the query. It keeps saying
Error Querying Database
Here is my code:
<?php
$dbc = mysqli_connect('localhost', 'elvis_store')
or die('Error connecting to MySQL server.');
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$email = $_POST['email'];
$query = "INSERT INTO email_list (first_name, last_name, email)" .
"VALUES ('$first_name', '$last_name', '$email')";
mysqli_query($dbc, $query)
or die('Error querying database.');
echo 'Customer added.';
mysqli_close($dbc);
?>
You are getting this error because in your MySQLi connection you only give a location and username. You do not give a database name to be used. if you have no password, you need to write your connection like this:
$dbc = mysqli_connect('localhost', 'elvis_store', NULL, 'dbName)
or
$dbc = mysqli_connect('localhost', 'dbUsername', NULL, 'elvis_store')
if "elvis_store" is the database name and not the username. Remember, a mysqli connection is: mysqli_connect(dbLocation, dbUsername, dbPassword, dbName).
Also, as Ed has pointed out in another answer, there is also a syntax error in your MySQL statement. Here is the snippet from Ed's answer:
$query = "INSERT INTO email_list (first_name, last_name, email) " . "VALUES ('$first_name', '$last_name', '$email')";
You have multiple problems.
Problem 1: Syntax error
Your query has a typo (a missing space). Your query code
$query = "INSERT INTO email_list (first_name, last_name, email)" .
"VALUES ('$first_name', '$last_name', '$email')";
produces this query:
INSERT INTO email_list (first_name, last_name, email)VALUES ('$first_name', '$last_name', '$email')
-- ^ syntax error, missing space
To fix it, change your code to this:
$query = "INSERT INTO email_list (first_name, last_name, email) " .
"VALUES ('$first_name', '$last_name', '$email')";
At least for testing purposes, you probably should look at the output of mysqli_error() instead of using a generic message like Error querying database. Even in production, you'll want to trap and log the real error somehow.
Problem 2: You don't select a database
Edit: I missed this in my first glance at your question, but as Stephen Cioffi points out, you also need to select a database before running your query. You can do this with the schema parameter to mysqli_connect() or by using mysqli_db_select().
Both of these issues—the typo and the failure to select a database—will cause problems; you must fix both.
Problem 3: Huge SQL Injection Vulnerability
This is not strictly part of the answer, but it's important. You are wide open to SQL injection. You need to use prepared statements. Otherwise, you are going to get hacked. Imagine that the POSTed firstname is this:
', (SELECT CONCAT(username, ',', password) FROM users WHERE is_admin = 1), 'eviluser#example.com') --
Your query becomes (with some added formatting):
INSERT INTO email_list (first_name, last_name, email)
VALUES ('',
(SELECT CONCAT(username, ',', password) FROM users WHERE is_admin = 1),
'eviluser#example.com'
) -- ', 'value of lastname', 'value of email')
Then, when you email your users, somebody's going to get an email with a recipient like
"Duke,mySup3rP#ssw0rd!" <eviluser#example.com>
And... you're hosed.
(Hopefully, you're salting and hashing passwords, but still, this is disastrous.) You must use prepared statements.
Below is my php code, which should take the data from my form and put it into two tables in my database. However I keep getting an SQL syntax error by the values, I was originally putting the values in ' ' however I got the error so then I changed the values to backticks . But that still didnt seem to make much difference. Im receiving the error, however street, city, county, postcode, tel and date of birth are all inputting into the users table. But nothing else, and nothing is going into the members table.
Any help would be greatly appreciated. Many thanks
$con = mysql_connect("localhost", "alex", "");
if(!$con)
{
die('Could not connect: ' .mysql_error());
}
mysql_select_db("gym", $con);
//** code above connects to database
$sql ="INSERT INTO users (First_Name, Last_Name, Street, City, County, Postcode, Telephone, Email, Date_Of_Birth, Gender)
VALUES
(`$_POST[FirstName]`,
`$_POST[LastName]` ,
`$_POST[Street]`,
`$_POST[City]`,
`$_POST[County]`,
`$_POST[Postcode]`,
`$_POST[Tel]`,
`$_POST[Email]`,
`$_POST[Date_Of_Birth]`,
`$_POST[Gender]`)";
$result1=mysql_query($sql,$con);
$sql1 = "INSERT INTO members( Membership_Number, Membership_Type, Membership_Referal, Trainer_Required, Medical_Informaton, Contract, Card_Holder_Name, Bank, Card_Number, Sort_Code, valid, Exp, Security_Number
VALUES
(`$_POST[MembershipNumber]`,
`$_POST[MembershipType]`,
`$_POST[MembershipReferral]`,
`$_POST[TrainerRequired]`,
`$_POST[MedicalInformation]`,
`$_POST[Contract]`,
`$_POST[BankBranch]`,
`$_POST[CardHolderName]`,
`$_POST[CardNUMBER]`,
`$_POST[Expiry]`,
`$_POST[SecurityCode]`)";
$result2=mysql_query($sql1,$con);
//***** code below is error message if it doesnt work
if($result1 && $result2){
printf("window.alert(\"New Record Added!\");");
}
else
{
echo "Error:". mysql_error()."";
}
mysql_close($con)
?>
Remove backtics and add `single quote` to values parameter
User SQL query like.
$sql = "INSERT INTO users (First_Name, Last_Name) VALUES('".$_POST[FirstName]."','".$_POST[LastName]."')";
You must pass parameter between {$_POST['variable']} like this:
$sql1 = "INSERT INTO members( Membership_Number, Membership_Type, Membership_Referal, Trainer_Required, Medical_Informaton, Contract, Card_Holder_Name, Bank, Card_Number, Sort_Code, valid, Exp, Security_Number
VALUES
(`{$_POST['MembershipNumber']}`,
`{$_POST['MembershipType']}`,
`{$_POST['MembershipReferral']}`,
`{$_POST['TrainerRequired']}`,
`{$_POST['MedicalInformation']}`,
`{$_POST['Contract']}`,
`{$_POST['BankBranch']}`,
`{$_POST['CardHolderName']}`,
`{$_POST['CardNUMBER']}`,
`{$_POST['Expiry']}`,
`{$_POST['SecurityCode']}`)";
please use ' not use `
just like
'$_POST[value]', ........, ........
echo "</br></br></br>" . $sql;
mysql_query($sql) or die("Entry not added to database.");
is spitting out:
INSERT INTO potentials (id, firstname, lastname, age, email, phone, twitter, timeofday, dayofweek, address, city, state, zip, joindate, parentname, parentnumber) VALUES (null, 'Rick', 'Bross', '14', 'rbross3#gmail.com', '8164896991', '#rick_bross', 'After 5:30PM', 'Weekdays', '1234 Cooper', 'Raymore', 'MO', '64130', '2013-04-09 20:10:06', 'Rick Bross II', '1234123412')Entry not added to database.
Why isn't it being inserted correctly? Can I check if one of the strings isnt fitting into my database column (type type char error or something)?
mysql_query($sql) or die(mysql_error());
try msql_error() function. It is globally show every error happens with your sql execution