richarro1234 Posted May 11, 2009 Share Posted May 11, 2009 Hey, i have a mysql query that is meant to insert an md5(). but when i look at the page i get this Unknown column 'e983f8ac2081bcce91dee92517c83b4c' in 'field list'. so i added a '' in the query but then it doesnt insert the md5. Here is the query: mysql_query("INSERT INTO richspri_social.invite (userid, useremail, inviteemail, hash, date) VALUES ($userid,'$useremail','$fromemail',$hash,NOW())") or exit( mysql_error() ); What am i missing? Thanks Quote Link to comment Share on other sites More sharing options...
michaellunsford Posted May 11, 2009 Share Posted May 11, 2009 I'd try enclosing your fields in backticks like such: mysql_query("INSERT INTO `richspri_social`.`invite` (`userid`, `useremail`, `inviteemail`, `hash`, `date`) VALUES ('$userid','$useremail','$fromemail','$hash',NOW())") or exit( mysql_error() ); I also enclosed some of your values in single-quotes. See how that does. Quote Link to comment Share on other sites More sharing options...
richarro1234 Posted May 11, 2009 Author Share Posted May 11, 2009 Hey, thanks for the quick reply, still didnt work though. its just inserting "0" into the database, but it emails the hash fine. (it emails a hash number to the given email address but doesnt insert into the DB) Rich Quote Link to comment Share on other sites More sharing options...
michaellunsford Posted May 11, 2009 Share Posted May 11, 2009 Well, when I get in a pickle like that, I'll replace "mysql_query" with "echo" and see what it's actually sending to mysql. That's usually enough for me to say "ohhh!!!" and get it fixed. Another possible issue. I usually validate or escape all my mysql queries. It's probably the long way around, but this is how I do it: mysql_query("INSERT INTO `richspri_social`.`invite` (`userid`, `useremail`, `inviteemail`, `hash`, `date`) VALUES ('".mysql_real_escape_string($userid)."','".mysql_real_escape_string($useremail)."','".mysql_real_escape_string($fromemail)."','".mysql_real_escape_string($hash)."',NOW())") or exit( mysql_error() ); That should keep people from injecting malicious code into your mysql query, and clean up anything (like apostrophes) that can crater your query. Quote Link to comment Share on other sites More sharing options...
richarro1234 Posted May 11, 2009 Author Share Posted May 11, 2009 Hey, thanks for the help. i have managed to get it working now, i used your code and just played about with it abit and it inserted the numbers from the hash but that was it so i looked at the DB and turns i had the table set wrong, i changed it from varchar to int and forgot to change it back again. I changed it to varchar and it works fine now, thanks for the help Rich Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.