Error in mySql query.Unknown column ' ' in 'field list'

Question

I have a database with 4 columns Date,to,message,from one of date format and all varchar. Following is the error that i am getting:

Error: Database Error Unknown column 'anything i enter into the form's first field' in 'field list'. Here is my code:

form:

<form method='post' name:mail>
<label>
<p>
  Send to Username:<p>
  </label>
    <input type="text" name="user" hint="Enter username" id="user"   placeholder = "Name" >


  </label><p>
  Message:
  <p>
    <label>

<textarea   name="message" cols="40" rows="5">

</textarea><br>
<input type="submit" name="submit" id="submit"  value="Send" />

I know i should not have used $POST_[] directly into the query but i am just testing it.

php code:

<?php

$con = mysqli_connect("localhost","","","");
if (!$con)
  {
     echo" Not connected to database";
  die('Could not connect: ' . mysqli_error());
  }

  if(isset($_POST['submit']))
{
$username1=$_SESSION["username"];
$sql = "INSERT INTO anengine_dbase.mail(`Date`,`to`,`message`,`from`) VALUES (CURDATE(),`$_POST[user]`, `$_POST[message]`,`$username1`)";

$xy=mysqli_query($con,$sql);
if (!$xy)
  {
  die('Database Error ' . mysqli_error($con));
  }
echo "message successfully recorded ";

}

?>

For one thing, this is invalid `name:mail>` also make sure you're loading `session_start();` if it's not in there, then it won't work, since it's not posted in your question. — Funk Forty Niner, Jan 25 '14 at 22:01
And instead of doing `$username1=$_SESSION["username"];` it's better to use `$_SESSION["username"]=$_POST['user'];` --- Sidenote: Using the present method, is leaving you open to [**SQL injection**](http://stackoverflow.com/q/60174/) — Funk Forty Niner, Jan 25 '14 at 22:05
I am including the session_start() in the beginning of my code. — reaper1, Jan 25 '14 at 22:05
Well this is still invalid `name:mail` I don't even know why you have it in there. — Funk Forty Niner, Jan 25 '14 at 22:07
As for your `Unknown column` error message. The message is clear, you're using backticks for your VALUES where you should be using quotes. Try `VALUES (CURDATE(),'$_POST[user]', '$_POST[message]','$username1')` Backticks are for tables and columns, not for VALUES. @ronash — Funk Forty Niner, Jan 25 '14 at 22:09
You're welcome. I did post an answer, I was right after all. @ronash — Funk Forty Niner, Jan 25 '14 at 22:14

score 2 · Accepted Answer · answered Jan 25 '14 at 22:05

This is your SQL statement:

INSERT INTO anengine_dbase.mail(`Date`,`to`,`message`,`from`)
    VALUES (CURDATE(),`$_POST[user]`, `$_POST[message]`,`$username1`);

Unless the values are all numbers, you will have a problem. In other words, you need single quotes rather than backticks for the values:

INSERT INTO anengine_dbase.mail(`Date`, `to`, `message`, `from`)
    VALUES (CURDATE(), '$_POST[user]', '$_POST[message]', '$username1');

By the way, as a general rule, it is a good idea to avoid using reserved words (such as to and from) as the names of objects in the database.

Because, I came up with the right answer first in a comment. I don't care for the points myself. @GordonLinoff See comment timestamp. I do believe. Never saw your answer before my comment. Anyway, it's all yours. — Funk Forty Niner, Jan 25 '14 at 22:18

score 1 · Answer 2 · answered Jan 25 '14 at 22:13

1

The message is clear, you're using backticks for your VALUES where you should be using quotes.

Try

VALUES (CURDATE(),'$_POST[user]', '$_POST[message]','$username1')

Backticks are for tables and columns, not for VALUES.

answered Jan 25 '14 at 22:13

Funk Forty Niner

74,450
15
68
141

Error in mySql query.Unknown column ' ' in 'field list'

2 Answers2