0

I have this code:

<?php
    include "../Header.php";
    $verify = mysql_query("SELECT * FROM Users WHERE Verified = 'YES'");
    while($row = mysql_fetch_array($verify))
    {
        mysql_query("INSERT INTO Inventory (UserID, ItemID, File, Type, code1, code2) VALUES ('" .
            $row['ID']."','96','40_c4cf313e76fc072a6be0a0959427246a.png','Accessory'," . sha1('40_c4cf313e76fc072a6be0a0959427246a').",'".sha1($row['ID'])."')") or die(mysql_error());
        echo $row['ID'];
    }

I get this error:

Unknown column '6c59be3b2b3c1ad356402243bf9a3eba66dee96d' in 'field list'

But there is nothing about that column in my code.

honk
  • 9,137
  • 11
  • 75
  • 83
tommm
  • 9
  • 1
  • 3
    You forgot single quotes around one of the SHA values. Use a proper, not deprecated, API with bind parameters to avoid all these problems & SQL injection at the same time. – Mat Dec 20 '14 at 16:02
  • No, I haven't done that..? – tommm Dec 20 '14 at 16:03
  • Yes, you have. Print the query out if you don't believe me. – Mat Dec 20 '14 at 16:03
  • Also, please read this: http://stackoverflow.com/questions/548986/mysql-vs-mysqli-in-php – Tom Dec 20 '14 at 16:09

1 Answers1

1

Just put single quotes around your Sha value like this:

mysql_query("INSERT INTO inventory 
        ( 
                    userid, 
                    itemid, 
                    FILE, 
                    type, 
                    code1, 
                    code2 
        ) 
        VALUES 
        ( 
                    '" . $row['id'] . "', 
                    '96', 
                    '40_c4cf313e76fc072a6be0a0959427246a.png', 
                    'Accessory', 
                    '" . sha1('40_c4cf313e76fc072a6be0a0959427246a') . "',   
                    '" . sha1($row['id']) . "' 
        )") or die(mysql_error());
Rizier123
  • 58,877
  • 16
  • 101
  • 156