Home/ Questions/Q 8340817
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T05:17:05+00:00

I am just playing around with .php and SQL, and am trying to test

  • 0

I am just playing around with .php and SQL, and am trying to test somethings out. I know that storing a variables in a table is a very easy thing to do, but for some reason it is not working for me now.

Here is the table I have: 

+-------+--------------+------+-----+---------+-------+
| Field | Type         | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+-------+
| v1    | varchar(255) | YES  |     | NULL    |       | 
| v2    | varchar(255) | YES  |     | NULL    |       | 
| v3    | varchar(255) | YES  |     | NULL    |       | 
| v4    | varchar(255) | YES  |     | NULL    |       | 
| v5    | varchar(255) | YES  |     | NULL    |       | 
| v6    | varchar(255) | YES  |     | NULL    |       | 
| v7    | varchar(255) | YES  |     | NULL    |       | 
| v8    | varchar(255) | YES  |     | NULL    |       | 
| v9    | varchar(255) | YES  |     | NULL    |       | 
| v10   | varchar(255) | YES  |     | NULL    |       | 
+-------+--------------+------+-----+---------+-------+

I access the table like so:

$result = mysql_query("INSERT INTO form2 (v1, v2, v3, v4, v5, v6, v7, v8, v9, v10) VALUES ($field0, $field1, $field2, $field3, $field4, $field5, $field6, $field7, $field8, $field9)");

I get the variables from the url by doing this:

$field0 = $_GET['field0'];
$field1 = $_GET['field1'];
$field2 = $_GET['field2']; 
$field3 = $_GET['field3'];
$field4 = $_GET['field4'];
$field5 = $_GET['field5'];
$field6 = $_GET['field6'];
$field7 = $_GET['field7']; 
$field8 = $_GET['field8'];
$field9 = $_GET['field9'];

And lastly, my URL is:

http://mywebsite.ca/anapplication?field0=YES&field1=GOOD&field2=GOOD&field3=GOOD&field4=YES&field5=GOOD&field6=GOOD&field7=GOOD&field8=A&field9=&

I get an error message saying that there is an unknown column ‘YES’ (the first parameter). I passed the same URL with number instead of strings and to my surprise everything worked then.

I don’t have much experience with .php or SQL, so I am looking for a fresh set of eyes to take a quick look through what I’ve posted here.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I believe you need to wrap your values in single quotes, that way mysql treats them as strings instead of integers. This would be why passing only numbers through works while strings do not.

    So,

    $result = mysql_query("INSERT INTO form2 (v1, v2, v3, v4, v5, v6, v7, v8, v9, v10) VALUES ('$field0', '$field1', '$field2', '$field3', '$field4', '$field5', '$field6', '$field7', '$field8', '$field9')");

    should clear it up.

    Also, if this is coming from a web form or other outside source, make sure to sanitize it using something like mysql_real_escape_string().

    • 0