jahicki Posted September 29, 2020 (edited)

Hi Guys & Girls

I have this table:

    $sql = "CREATE TABLE " . $Name . "(
        id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
        ItemName VARCHAR(30) NOT NULL,
        ItemWeight VARCHAR(30) NOT NULL,
        ItemPrice VARCHAR(5),
        ItemDate DATE
    )";

& This Query:

    $sql = "INSERT INTO Pantry (ItemName, ItemWeight, ItemPrice, ItemDate) VALUES (" . $Name . ", " . $Weight . ", " . $Price . ", " . $Date . ")";

& the response I get is:

    Error Updating table: Unknown column 'Bacon' in 'field list'.

I believe this to be an SQL issue but I don't know what or why. The HTML and PHP relating to this are below:

    if (isset($_POST["Item"])){
        Add_Item($_POST["Item"], $_POST["Weight"], $_POST["Price"], $_POST["Date"]);
    }else{
        echo "Nothing To do";
    }

    <body>
        <form action="ActionPage.php" method="POST">
            <input type="button" value="Create Pantry" onclick="CreatePantry()" />
            <label for="PantryID">Create Pantry: </label>
            <input type="text" id="PantryID" name="PantryID" disabled="true" />
            <input type="button" value="Add Item" onclick="AddItem()" />
            <label for="ItemName">Item Name: </label>
            <input type="text" id="Name" name="Item" />
            <label for="ItemWeight">Item Weight: </label>
            <input type="text" id="Weight" name="Weight" />
            <label for="ItemPrice">Item Price: </label>
            <input type="text" id="Price" name="Price" />
            <label for="ItemDate">Item BBE: </label>
            <input type="text" id="Date" name="Date"/>
            <input type="Submit" Value="Submit" />
        </form>
    </body>

Any help would be appreciated.

Edited September 29, 2020 by jahicki

Barand Posted September 29, 2020

Given the array values from your previous topic, you should be aiming to generate an SQL string that looks like this:

    INSERT INTO Pantry (ItemName, ItemWeight, ItemPrice, ItemDate) VALUES ('Bacon', 500, 3.25, '2020-12-12');

1) The $name needs to be inside single quotes, otherwise it interprets bacon as a column name and not as a string value.
2) Your weight and price columns should be numeric types, not varchar (weight int, price decimal(10,2)).
3) Your current date format of 12/12/2020 is not a valid DATE format. Your unquoted date string in that format is interpreted as "12 divide by 12 divide by 2020".

Your current method of putting variables inside the SQL string is unsafe. Use prepared statements and pass the values as parameters, EG

    $stmt = $pdo->prepare("INSERT INTO Pantry (ItemName, ItemWeight, ItemPrice, ItemDate) VALUES (?,?,?,?) ");
    $stmt->execute( [ $name, $weight, $price, $date ] );
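
The three corrections and the prepared statement from the answer above, put together as an added example (not code from the thread): a hypothetical `add_item()` helper that validates the form fields, converts the date and binds every value as a parameter. It assumes PDO with an in-memory SQLite database so it runs stand-alone, and assumes the form sends dates as dd/mm/yyyy.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite keeps the example self-contained; the thread uses MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Pantry (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    ItemName VARCHAR(30) NOT NULL,
    ItemWeight INT NOT NULL,
    ItemPrice DECIMAL(10,2),
    ItemDate DATE
)');

// Hypothetical helper: validates the form fields, then binds every value as a parameter.
function add_item(PDO $pdo, string $name, string $weight, string $price, string $date): int
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 30) {
        throw new InvalidArgumentException('Item name must be 1-30 characters');
    }
    if (!ctype_digit($weight)) {
        throw new InvalidArgumentException('Weight must be a whole number');
    }
    if (!preg_match('/^\d{1,8}(\.\d{1,2})?$/', $price)) {
        throw new InvalidArgumentException('Price must look like 3.25');
    }
    // Assumption: dates arrive as dd/mm/yyyy; the round trip rejects overflow such as 31/02/2020.
    $d = DateTimeImmutable::createFromFormat('!d/m/Y', $date);
    if ($d === false || $d->format('d/m/Y') !== $date) {
        throw new InvalidArgumentException('Date must be a real date in dd/mm/yyyy form');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO Pantry (ItemName, ItemWeight, ItemPrice, ItemDate) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$name, (int) $weight, $price, $d->format('Y-m-d')]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input: the apostrophes in the second name are stored as plain data.
add_item($pdo, 'Bacon', '500', '3.25', '12/12/2020');
add_item($pdo, "O'Brien's Ham", '250', '4.10', '01/11/2020');

foreach ($pdo->query('SELECT * FROM Pantry', PDO::FETCH_ASSOC) as $row) {
    echo implode(' | ', $row), PHP_EOL;
}
```

Placeholders only cover values: the table name concatenated into the CREATE TABLE statement in the question cannot be bound as a parameter and would need to be checked against a fixed list of allowed names instead.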