Home/ Questions/Q 7563271
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T13:37:25+00:00

So I have this $name = $_GET[‘fullname’]; $username = $_GET[‘username’]; $password = $_GET[‘password’]; $gender

  • 0

So I have this

$name = $_GET['fullname'];
$username = $_GET['username'];
$password = $_GET['password'];
$gender = $_GET['gender'];

$query = "INSERT INTO main (name, username, password,gender) VALUES (" . $name . "," .  $username . "," . $password . ", " . $gender . ");";

mysql_query($query) or die(mysql_error());

and I pass in the url as:
http://my.website.com/submit_user_info.php?fullname=myfullname&username=myusername&password=mypassword&gender=m

If I rewrite the $query to have hardcoded values such as VALUES (myfullname,"...etc. it works fine, but my query with the $_GETs gives me the error:

Unknown column 'myfullname' in 'field list'

Why would this be happening? How do I fix this? I don’t normally do PHP/MySQL so I’m not too familiar.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need quotes around all the variables:

    // Sanitize with mysql_real_escape_string()
$name = mysql_reaL_escape_string($_GET['fullname']);
$username = mysql_reaL_escape_string($_GET['username']);
$password = mysql_reaL_escape_string($_GET['password']);
$gender = mysql_reaL_escape_string($_GET['gender']);

// Escaped values can be interpolated in the double-quoted string.
$query = "INSERT INTO main (name, username, password,gender) VALUES ('$name','$username','$password','$gender');";

    Since you are using a double-quoted string, you can simply include the variables in the string surrounded by single-quotes to be correctly interpolated, rather than concatenating them in with . Not everyone agrees with the practice of interpolating variables in double-quoted strings, but it adds a lot of readability for a case like this, and might have made it easier to debug.

    • 0