I am trying to insert some form post data in database but it shows the error:
Error: INSERT INTO user_data (name, age, gender,happy,sad,angry) VALUES (Sourav,23,male,3.5,2.75,1.5)
Unknown column 'Sourav' in 'field list'
I used the query:
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES (" . $name . "," . $age . "," . $gender . "," . $happyness . "," . $sadness . "," . $angryness . ")";
You have to put the string values inside quotes. Update the code as below.
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('" . $name . "','" . $age . "','" . $gender . "','" . $happyness . "','" . $sadness . "','" . $angryness . "')";
Also, your code isn't safe. Use escape string while inserting form data.
Change your query to:
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('$name','$age','$gender','$happyness','$sadness','$angryness')";
USE '' like 'Sourav'
INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('Sourav','23','male','3.5','2.75','1.5')
or like that
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('$name','$age','$gender','$happyness','$sadness','$angryness')";
Try this..,
$sql = "INSERT INTO user_data (name, age, gender,happy,sad,angry)
VALUES ('" . $name . "','" . $age . "','" . $gender . "','" . $happyness . "','" . $sadness . "','" . $angryness . "')";
Hope this helps..
You should really have a look at the mysqli or pdo extension - or at least use some kind of quoting on your parameters like mysql_real_escape_string. Directly passing user input to database queries can easily be used for mysql injections.
Using pdo you could write your code like this:
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
$name = 'BOB';
$password = 'badpass';
$stmt = $db->prepare("INSERT INTO table(`hexvalue`, `password`) VALUES(HEX(?), PASSWORD(?))");
$stmt->execute(array($name, $password));
