
[SOLVED] Unknown column 'whatever' in 'field list'



When I try this I get the "Unknown column in 'field list'" error

 

$newtext = stripslashes(strip_tags($_POST['text']));

$query = "INSERT INTO piccomment (picid,posterid,postername,comment) 
	  VALUES ('$_POST[picid]','$_POST[posterid]','$_POST[postername]',$newtext)";
query_db($query);

 

It works fine when I'm just doing:

 

"INSERT INTO piccomment (picid,posterid,postername,comment)

  VALUES ('$_POST[picid]','$_POST[posterid]','$_POST[postername]','$_POST[text]')";

I added in mysql_real_escape_string() and am still getting "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

 

However, when I submit the form once it works; the second time I try is when I get the error. So it looks like it might not be a problem with my query.

 

 

I am going to post my code; it is kind of confusing and is mostly uncommented, so I hope someone can help me make sense of it. I commented where I thought the problem was.

 

http://www.wiuartinny.com/pic.php?id=38 << You can see the page here (except the comment form, because that's for logged-in users only)

 

<?php 
session_start(); // START SESSION (MUST BE FIRST ON EVERY PAGE)
include("header.php");
include("db_connect.php");

if (isset($_POST['submitcomment'])) // CHECK IF COMMENT WAS SUBMITTED
{
//IF COMMENT SUBMITTED INSERT INTO DATABASE
$newtext = stripslashes(strip_tags($_POST['text']));
$finaltext = mysql_real_escape_string($newtext);

//HERE IS WHERE I THOUGHT THE PROBLEM WAS
$query = "INSERT INTO piccomment (picid,posterid,postername,comment) 
	  VALUES ('$_POST[picid]','$_SESSION[user]','$_POST[postername]','$finaltext')";
query_db($query);

//RELOAD PAGE WITH THE PICTURE ID SENT FROM THE COMMENT FORM
$query2 = "SELECT * FROM pic WHERE pictureid = $_POST[picid]";
query_db($query2);
unset($_POST); //ADDED IN TO TRY AND FIX PROBLEM(NOT DOING IT)
}
else 
{
//LOAD PAGE WITH PICTURE ID FROM GALLERY PAGE
$query2 = "SELECT * FROM pic WHERE pictureid = $_GET[id]";
query_db($query2);
}
$row = mysql_fetch_array($result);
extract($row); ?>

<div id="gallerynav">
<a href="gallery.php"> Go back to the gallery </a>
</div>
<div id="gallery">
<div id="galfloatleft">

<h2><?php if ($picturetitle == ""){ echo "Untitled"; } else {echo $picturetitle;} ?></h2>

</div>
<div id="galfloatright">
<br>
<a href="#">Prev</a> | <a href="#">Next</a>
</div>
</div>
<div id="gallerynav">
<?php 
$query = "SELECT * FROM member WHERE memberid = $pictureuserid";
query_db($query);
$row = mysql_fetch_array($result);
extract($row);
$timestamp = strtotime($picturedate);
$format_date = date("F n",$timestamp);

?>
<center>
<table>
<tr><td align="right">Photographer:</td><td align="left"><?php echo $fname." ".$lname; ?></td></tr>
<tr><td align="right">Year:</td><td align="left"><?php echo $pictureyear; ?></td></tr>
<tr><td align="right">Day:</td><td align="left"><?php echo $pictureday; ?></td></tr>
<tr><td align="right">Date:</td><td align="left"><?php echo $format_date; ?></td></tr>
<tr><td align="right">Location:</td><td align="left"><?php echo $picturelocation; ?></td></tr>
<?php
if ($picturetag != "")
{ 
$query = "SELECT * FROM member";
query_db($query);
$row = mysql_fetch_array($result);
?>
<tr><td colspan="2" align="center"><br /></td></tr>
<tr><td colspan="2" align="center">In this photo:</td></tr>
<tr><td colspan="2" align="center">
<?php
$array = explode(",",$picturetag);
foreach ($array as $name)
	{
	if (in_array($name,$row))
		{
		$query2 = "SELECT fname,lname FROM member WHERE memberid = $name";
		query_db2($query2);
		$row2 = mysql_fetch_array($result2);
		echo "<a href='profile.php?id=$name'>$row2[0] $row2[1]</a><br />";

		}
	}
}?>
</td></tr>
</table>
</center>
</div>


<div id="gallery">
<img id="larger"  src="<?php echo "uploads/$picturefile"; ?>">
</div>
<?php if ($_SESSION['auth'] == "yes"){ ?>
<div id="gallery">
<h3>Add a comment:</h3>
<form name="addcomment" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="picid" value="<?php echo $id; ?>">
<input type="hidden" name="posterid" value="<?php echo $_SESSION['user']; ?>">
<input type="hidden" name="postername" value="<?php echo $_SESSION['fname']." ".$_SESSION['lname']; ?>">
<textarea name="text" cols="49" rows="4"></textarea><br><br>
<input name="submitcomment" type="submit" value="submit"><br><br>
</form>
</div>
<?php } ?>

<?php
$query = "SELECT * FROM piccomment WHERE picid = $pictureid";
query_db($query);
$num = mysql_num_rows($result);
if ($num > 0){
?>
<div id="gallery">
<h2>Comments</h2>
<?php
while ($row = mysql_fetch_array($result))
{
extract($row); ?>
<div id="comment">
<div id="commentpic"><img src="images/nopic.gif"></div>
<div id='commenttext'>
<h4><a href="profile.php?id=<?php echo $posterid; ?>"><?php echo $postername; ?></a> wrote:</h4>
<p><?php echo $comment; ?></p>
</div>
</div>
<?php } ?>
</div>
<?php } ?>
<?php
include("footer.php");
?>

 

 

I think I have gotten everything else on the page working now; I'm just having trouble formatting the MySQL injection prevention stuff. What am I doing wrong there?

 

//RELOAD PAGE WITH THE PICTURE ID SENT FROM THE COMMENT FORM
$srippicid = stripslashes(strip_tags($_POST['picid'])); //not working
$escapepicid = mysql_real_escape_string($strippicid); //not working
$query2 = "SELECT * FROM pic WHERE pictureid = '$escapepicid'";  //not working
query_db2($query2); 
$row2 = mysql_fetch_array($result2);
extract($row2);
}
else 
{
//LOAD PAGE WITH PICTURE ID FROM GALLERY PAGE
$srippicid = stripslashes(strip_tags($_GET['id']));  //not working
$escapepicid = mysql_real_escape_string($strippicid);  //not working
$query2 = "SELECT * FROM pic WHERE pictureid = '$_GET[id]'";   //WORKING!!
query_db2($query2);
$row2 = mysql_fetch_array($result2);
extract($row2);
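
An added example, not part of the thread or the poster's code: the comment insert and the picture lookup from the posts above, rewritten with prepared statements so that no value is quoted or escaped by hand. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection in db_connect.php; `picture_id()`, `load_picture()` and `save_comment()` are hypothetical helper names, and the request data is constructed.

```php
<?php
// Added example, not the poster's code. Assumption: PDO with in-memory
// SQLite stands in for MySQL; the same statements work with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pic (pictureid INTEGER PRIMARY KEY, picturetitle TEXT)');
$pdo->exec('CREATE TABLE piccomment (picid INTEGER, posterid INTEGER, postername TEXT, comment TEXT)');
$pdo->exec("INSERT INTO pic (pictureid, picturetitle) VALUES (38, 'Constructed sample')");

// Returns the id as an int, or null when the input is not a positive integer.
function picture_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function load_picture(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM pic WHERE pictureid = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Poster identity comes from the session, not from hidden form fields.
function save_comment(PDO $pdo, int $picId, array $session, string $text): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO piccomment (picid, posterid, postername, comment) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$picId, (int) $session['user'], $session['fname'] . ' ' . $session['lname'], $text]);
}

// Constructed request data; the name and text both contain a quote character.
$session = ['user' => 7, 'fname' => 'Ann', 'lname' => "O'Neil"];
$post    = ['picid' => '38', 'text' => "It's a great shot <b>really</b>"];

// A value that is not a whole number is rejected before any query is built.
var_dump(picture_id('not-a-number'));

$picId = picture_id($post['picid']);
if ($picId !== null && load_picture($pdo, $picId) !== null) {
    save_comment($pdo, $picId, $session, $post['text']);
}
foreach ($pdo->query('SELECT postername, comment FROM piccomment') as $row) {
    // Escape on output instead of stripping tags on input.
    echo htmlspecialchars($row['postername'] . ': ' . $row['comment'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With bound parameters the comment text is never part of the SQL string, so a missing pair of quotes around it cannot make the server read it as a column name. Validating the id once and passing that single variable on also removes the chain of intermediate variables, where a misspelled name silently yields an empty value.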
