0

Hi everyone, I'm stuck with this code; I'm practically new to PHP... What I'm trying to do is insert into the database one field called Id_Obj, and it's a VarChar, but when I try to send it, it tells me "Unknown Column 'Id_Obj4' in 'field List'". I really have no idea what to do. The insert looks like this. I forgot it was different when passing a variable and just the string, so it really looks like this; I was lazy the first time, sorry :S

while($info=mysql_fetch_Array($data))
{
print "name :".$info['Id']." ";
$count=$info['Id'];
}
    $t="INSERT INTO Table_Faces(Id_Obj,Num_Sides)VALUES(";
    $t = $t."IdObj$count".",".$_GET["ns"];
    $t = $t.")";
    mysql_query($t);

The fields in the database are Id, Id_Obj, Num_Sides.

Help me please.

2
  • 1
    What are you trying to do with the string "IdObj$count"? It might be useful to echo $t; and take a look at your query -- you're probably not building it how you think you are. Commented Dec 15, 2010 at 16:03
  • You can find out what the insert looks like by doing print $t; at the end of your code. Commented Dec 15, 2010 at 16:04

3 Answers

2

You need quotes around your insert values:

while($info=mysql_fetch_Array($data))
{
    print "name :".$info['Id']." ";
    $count=$info['Id'];
}

$t="INSERT INTO Table_Faces(Id_Obj,Num_Sides)VALUES(";
$t = $t."'IdObj$count'".",'".$_GET["ns"]."'";
$t = $t.")";
mysql_query($t);

i.e. INSERT INTO Table_Faces (Id_Obj, Num_Sides) VALUES('asdf','foo')

I also recommend you use mysql_real_escape_string on all of the variables you are inserting in a table to avoid SQL injection attacks.

6 Comments

Note that mysql_real_escape_string does not eliminate all SQL injection vulnerabilities under certain circumstances. You'd be better off using proper parametrized queries instead.
I didn't know that, that's good to know. I usually use parameterized queries and mysqli.
@cdhowie, Which circumstances? Or should I ask that as a separate question?
DAMN!!! U ROCK DUDE THIS ANSWER WORKED que te lluevan culitos.. thank you very much
@TRiG: IIRC, it has to do with the connection's collation, but I forget the specifics.
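
The parametrized-query approach recommended in the comments above, as an added example that is not part of the original answer or its comments. It uses PDO with an in-memory SQLite database so it runs without a server; the function name insertFace, the constructed inputs, the integer type of Num_Sides and the 1 to 1000 range are assumptions.

```php
<?php
// Added example (not from the original thread). Assumptions: PDO with the
// SQLite driver, Num_Sides is an integer column, insertFace() is hypothetical.

function insertFace(PDO $db, int $count, string $nsRaw): bool
{
    // Validate the request value first: a side count should be a positive
    // integer (the 1..1000 range is an assumed limit).
    $ns = filter_var($nsRaw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    if ($ns === false) {
        return false; // reject instead of passing it to the database
    }

    // Placeholders keep the SQL text fixed; the values travel separately as
    // data, so no manual quoting or escaping is involved.
    $stmt = $db->prepare(
        'INSERT INTO Table_Faces (Id_Obj, Num_Sides) VALUES (:id_obj, :ns)'
    );
    $stmt->bindValue(':id_obj', 'IdObj' . $count, PDO::PARAM_STR);
    $stmt->bindValue(':ns', $ns, PDO::PARAM_INT);
    return $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Table_Faces (
    Id INTEGER PRIMARY KEY AUTOINCREMENT,
    Id_Obj VARCHAR(32),
    Num_Sides INTEGER
)');

// Constructed inputs standing in for $_GET["ns"].
$inputs = ['6', "4'); DROP TABLE Table_Faces; --", ''];
foreach ($inputs as $nsRaw) {
    $ok = insertFace($db, 4, $nsRaw);
    printf("%-35s => %s\n", var_export($nsRaw, true), $ok ? 'inserted' : 'rejected');
}

// List what was actually stored; the table is still queryable afterwards.
foreach ($db->query('SELECT Id_Obj, Num_Sides FROM Table_Faces') as $row) {
    echo $row['Id_Obj'], ' ', $row['Num_Sides'], "\n";
}
```

With mysqli the same pattern is prepare() followed by bind_param() and execute().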
1

The problem is the values in your query should be quoted. Try this:

$t='INSERT INTO Table_Faces(Id_Obj,Num_Sides)VALUES(';
$t .= '"IdObj' . $count . '", "' . $_GET["ns"] . '")';
mysql_query($t);

Note that you are explicitly pasting a $_GET[] variable into your query, which is a direct security issue: everybody who has the URL can use SQL injection.

0

Are you trying to create a new field called Id_Obj4 in the table Table_Faces or are you trying to add a value of Id_Obj4 into the field Id_Obj?

Try

$t  = 'INSERT INTO Table_Faces (Id_Obj, Num_Sides) VALUES ';
$t .= '("IdObj' . $count . '", "' . $_GET['ns'] . '")';

Note that there's a massive potential for Bobby Tables errors right there.
