I am trying to solve this error for a long time, maybe i'm blind but I don't see what's wrong.
$query = "INSERT INTO `130225` (`vote`,`ip`) VALUES (".$_POST['130225'].",".$_SERVER['REMOTE_ADDR'].");";
Asked
Active
Viewed 95 times
3 Answers
6
the IP was not enclose with single quotes (if it were a string),
$query = "INSERT INTO `130225` (`vote`,`ip`) VALUES (".$_POST['130225'].",'".$_SERVER['REMOTE_ADDR']."');";
// ^ ^
As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
1
Looks like you are missing a few "'" where your values is.
$query = "INSERT INTO `130225` (`vote`,`ip`) VALUES ('".$_POST['130225']."','".$_SERVER['REMOTE_ADDR']."');";
Its easier to troubleshoot queries if you paste them into your database. There will be a helpful(sometimes not..) error messages.
The error I get from you query is
#1054 - Unknown column 'text here' in 'field list'
Google this error and there will be hints on how to solve it.
Daniel Magnusson
- 9,541
- 2
- 38
- 43
0
It's better to use prepared statement to avoid similar problems. Like this, you don't need to worry about quotes.
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');
Query must look like this:
$stmt = $mysqli->prepare("INSERT INTO 130225 (vote,ip) VALUES (?,?));
And then bind the parameters:
$stmt->bind_param('ss', $_POST['130225'],$_SERVER['REMOTE_ADDR']);
etc...
Aris
- 4,643
- 1
- 41
- 38