0

Here is my code:

<?php $txtCommentor = $_POST['txtCommentor'] //from form?>
<?php $txtComment = $_POST['txtComment'] //from form?>
<?php $jobno = $_GET['jobno'] //from URL?>

<?php
//Query and connect
$query = "INSERT INTO delivery_comments (commentor, comment, jobno) VALUES ($txtCommentor,$txtComment, $jobno) ";?>
<?php $results = sqlsrv_query($conn, $query);?>
<?php echo $query?>
<?php
if( $results === false ) {
     die( print_r( sqlsrv_errors(), true));
}
?>

When I run the page I get these results:

INSERT INTO delivery_comments (commentor, comment, jobno) 
VALUES (frontdesk,bvhjfhj, 85450) 

Then I get the error:

Array ( [0] => Array ( [0] => 42S22 [SQLSTATE] => 42S22 [1] => 207 [code] => 207 [2] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Invalid column name 'frontdesk'. [message] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Invalid column name 'frontdesk'. ) [1] => Array ( [0] => 42S22 [SQLSTATE] => 42S22 [1] => 207 [code] => 207 [2] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Invalid column name 'bvhjfhj'. [message] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Invalid column name 'bvhjfhj'. ) )

Notice the echoed insert statement is first. This is correct. Then the rest of the error keeps telling me the data I want to insert is an invalid column name. This doesn't make any sense. That info is not supposed to be the column name but the data inserted into a column.

RGF Drone

2 Answers

2
<?php $txtCommentor = $_POST['txtCommentor'] //from form?>
<?php $txtComment = $_POST['txtComment'] //from form?>
<?php $jobno = $_GET['jobno'] //from URL?>

<?php
$params = array( $txtCommentor, $txtComment, $jobno);
//Query and connect
$query = "INSERT INTO delivery_comments (commentor, comment, jobno) VALUES (?,?,?) ";?>
<?php $results = sqlsrv_query($conn, $query,$params);?>

The above is the sanitized version of your query.

You should have much more success with that.

exussum
  • I am insanely confused as to why I am passing the data to the sqlsrv_query twice. And what goes in the "?" – RGF Drone Sep 18 '15 at 12:05
  • The question mark is replaced by the array. You are passing an array of options rather than each one, one at a time – exussum Sep 18 '15 at 12:09
-1

This is what I ended up using:

$query = "INSERT INTO delivery_comments (commentor, comment, jobno) VALUES ('$txtCommentor','$txtComment', '$jobno') ";
RGF Drone
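
The three ways of building this INSERT that appear in the thread, run against the same two inputs, as an added example that is not part of any post. Assumptions: PHP 7.4+ with pdo_sqlite, and an in-memory SQLite database via PDO standing in for SQL Server and sqlsrv_query so it runs offline; the error wording differs from SQL Server's, the way the statement is parsed does not. The sample rows are constructed.

```php
<?php
// Added example, not code from the thread.
// Assumption: PDO with in-memory SQLite stands in for sqlsrv / SQL Server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE delivery_comments (commentor TEXT, comment TEXT, jobno INTEGER)');

// Constructed sample inputs; the second comment contains an apostrophe.
$rows = [
    ['frontdesk', 'bvhjfhj', '85450'],
    ['frontdesk', "customer wasn't home", '85451'],
];

$cols = 'INSERT INTO delivery_comments (commentor, comment, jobno) VALUES ';

// Each builder returns [SQL text, values to bind].
$builders = [
    // Values pasted in bare: the parser reads frontdesk as an identifier (a column name).
    'unquoted'     => fn($c, $t, $j) => [$cols . "($c,$t, $j)", []],
    // Values pasted in between quotes: a string literal, until the data contains a quote.
    'hand-quoted'  => fn($c, $t, $j) => [$cols . "('$c','$t', '$j')", []],
    // Placeholders: the SQL text is fixed and the values travel separately.
    'placeholders' => fn($c, $t, $j) => [$cols . '(?,?,?)', [$c, $t, $j]],
];

foreach ($builders as $name => $build) {
    foreach ($rows as [$c, $t, $j]) {
        [$sql, $params] = $build($c, $t, $j);
        try {
            $db->prepare($sql)->execute($params);
            $status = 'stored';
        } catch (PDOException $e) {
            $status = 'rejected: ' . $e->getMessage();
        }
        printf("%-12s | %-20s | %s\n", $name, $t, $status);
    }
}

// Show what actually reached the table.
foreach ($db->query('SELECT commentor, comment, jobno FROM delivery_comments') as $r) {
    printf("row: %s | %s | %d\n", $r['commentor'], $r['comment'], $r['jobno']);
}
```

With sqlsrv the placeholder form is the call shown in the first answer: the SQL text with ? markers is the second argument and the values go in the array passed as the third.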