LiamG Posted May 1, 2003

I've had a look at this a few times, so I figured you guys would get it right first off, a new pair of eyes and a new brain is all I need:

    $addnews_sql = "INSERT INTO `news` (`subject`, `username`, `body`) VALUES (`{$_POST['subject']}`, `{$_POST['username']}`, `{$_POST['body']}`)";

returns the error:

    Unknown column '' in 'field list'

while my SCHEMA for that table is:

    CREATE TABLE news (
      newsid int(11) NOT NULL auto_increment,
      subject text NOT NULL,
      username text NOT NULL,
      posted timestamp(14) NOT NULL,
      body longtext NOT NULL,
      PRIMARY KEY (newsid)
    ) TYPE=MyISAM;

Thanks guys,
LiamG.

barbatruc Posted May 1, 2003

Hi!

I think you used backquotes for the values, which are only valid for table and field names. Single quotes should be used instead:

    $addnews_sql = "INSERT INTO `news` (`subject`, `username`, `body`) VALUES ('{$_POST['subject']}', '{$_POST['username']}', '{$_POST['body']}')";

Also please note that creating queries that way is not really secure... you should try to see if get_magic_quotes_gpc() returns true and if it doesn't, you should use addslashes() on the values you insert in your query:

    $addnews_sql = "INSERT INTO `news` (`subject`, `username`, `body`) VALUES ('".addslashes($_POST['subject'])."', '".addslashes($_POST['username'])."', '".addslashes($_POST['body'])."')";

Hope this helps!
JP.
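
An added example, not part of either post above: the same INSERT with PDO bound parameters, which keep the form values out of the SQL text so no addslashes() or magic-quotes check is needed (magic quotes were removed in PHP 5.4). Assumptions: an in-memory SQLite table stands in for the MySQL one so the script runs offline, and add_news() and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: SQLite in memory stands in for the MySQL server so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (
    newsid   INTEGER PRIMARY KEY AUTOINCREMENT,
    subject  TEXT NOT NULL,
    username TEXT NOT NULL,
    posted   TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    body     TEXT NOT NULL
)');

// add_news() is a hypothetical helper, not code from the thread.
function add_news(PDO $db, array $post): int
{
    $row = [];
    foreach (['subject', 'username', 'body'] as $field) {
        // Form fields can arrive as arrays (subject[]=x); accept only non-empty strings.
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            throw new InvalidArgumentException("missing or invalid field: $field");
        }
        $row[":$field"] = $post[$field];
    }
    // Placeholders keep the values out of the SQL text; the driver passes them as data.
    $stmt = $db->prepare(
        'INSERT INTO news (subject, username, body) VALUES (:subject, :username, :body)'
    );
    $stmt->execute($row);
    return (int) $db->lastInsertId();
}

// Constructed sample input standing in for $_POST.
$post = [
    'subject'  => "It's a `quoted` subject",
    'username' => 'LiamG',
    'body'     => "Line with 'single' and \"double\" quotes and a \\ backslash",
];
$id = add_news($db, $post);

// Read the row back and confirm the values were stored byte for byte.
$check = $db->prepare('SELECT subject, body FROM news WHERE newsid = ?');
$check->execute([$id]);
$stored = $check->fetch(PDO::FETCH_ASSOC);
var_dump($stored['subject'] === $post['subject'], $stored['body'] === $post['body']);
```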