-1

I am trying to make my MySQL table insert stuff through MySQLi but it throws error 1054 Unknown Column saying that one of my values is my column, I dont know what causes this error. here is my code: 

$mysqli -> query('INSERT INTO `cities` (`Code`, `Name`, `lattitue`, `longitute`) VALUES ( `' . $_GET['code'] . '` , `' . $_GET['name'] . '` , `' . $_GET['lat'] . '` , `' . $_GET['long'] . '` )')

here is the output:

INSERT INTO cities (Code, Name, lattitue, longitute) VALUES ( kllk , kl , 9458 , 6568 )failed: (1054) Unknown column 'kllk' in 'field list'

Thanks, help is greatly appreciated!

user2421970
  • 3
  • 1
  • 2
  • The accepted answer is wrong. [How to include a PHP variable inside a MySQL insert statement](http://stackoverflow.com/a/7537500/285587) – Your Common Sense May 27 '13 at 00:19
  • 1
    @YourCommonSense you're smoking stuff that's bad for you? a) I answer the question on how to fix the error, b) I then point towards documentation on parametrized queries as a better fundamental solution for the issue, to avoid c) the possibility of SQL injection which I link an explanation for, and d) I do it without, like you, linking to an explanation on how to fix this with a **deprecated** API. You're misinforming users on purpose, calling a fundamentally correct answer wrong, and linking to an outdated answer as 'better' without explanation - now that's just plain dumb. – Niels Keurentjes May 27 '13 at 00:29

1 Answers1

1

Use real apostrophes (') around string constant values, not backticks (`) - those are used for escaping reserved words in queries. MySQL is now thinking you want to get the value for Code from a field named kllk instead of the string kllk as you seem to want.

To the point, replace:

VALUES ( `' . $_GET['code'] . '`

with:

VALUES ( \'' . $_GET['code'] . '\'

And repeat this for the other values. After that make sure you go read up on parametrized queries, concatenating the values in there isn't good practice and could open up some nasty security exploits.

Niels Keurentjes
  • 41,402
  • 9
  • 98
  • 136