Error: Unknown column 'abc' in 'where clause'

Question

I have 2 dropdown menu. when i click on the first one the second one should display value related to the first choice. however when I select a the first one, i get this.

Error: Unknown column 'abc' in 'where clause'

below is my code. Can some one tell me what i am doing wrong. Thank you in advance.

<?php 
include ('db_connect1.php'); 
$query_parent = mysqli_query($conn, "SELECT * FROM field") or die("Query failed: ".mysqli_error());
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Dependent DropDown List</title>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript">
$(document).ready(function() {

$("#parent_cat").change(function() {
    $(this).after('<div id="loader"><img src="img/loading.gif" alt="loading subcategory" /></div>');
    $.get('loadsubcat.php?parent_cat=' + $(this).val(), function(data) {
        $("#sub_cat").html(data);
        $('#loader').slideUp(200, function() {
            $(this).remove();
        });
    }); 
});

 });
</script>
</head>

<body>
<form method="get">
<label for="category">Parent Category</label>
<select name="parent_cat" id="parent_cat">
    <?php while($row = mysqli_fetch_array($query_parent)): ?>
    <option value="<?php echo $row['field_name']; ?>"><?php echo    $row['field_name']; ?></option>
    <?php endwhile; ?>
</select>
<br/><br/>

<label>Sub Category</label>
<select name="sub_cat" id="sub_cat"></select>
</form>
</body>
</html>

//loadsubcat.php
<?php 
include ('db_connect1.php');

$parent_cat = $_GET['parent_cat'];
$test="SELECT * FROM courses WHERE field_id = {$parent_cat}";
$query = mysqli_query($conn,$test) or die ("Error: ".mysqli_error($conn));
while($row = mysqli_fetch_array($query)) {
echo "<option value='$row[course_id]'>$row[course_name]</option>";
}
?>

Perhaps your $parent_cat is a string. Try to quoted it when comparing or make sure it is a numeric value. — Muriano, May 26 '16 at 11:21
You've just suffered from SQL injection. Please check the linked question for alternatives. — Álvaro González, May 26 '16 at 11:41
You have an error. [`mysqli_error()`](https://www.php.net/manual/en/mysqli.error.php) needs one argument. Please consider switching error mode on instead. [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) — Dharman, Feb 25 '20 at 23:41

score 0 · Answer 1 · edited Feb 25 '20 at 23:40

String value must be inside quotes. Make sure field_id is varcare. Better use parameter binding with prepared statement.

$parent_cat = $_GET['parent_cat'];
$stmt = $conn->prepare("SELECT * FROM courses WHERE field_id = ?");
$stmt->bind_param('s', $parent_cat);
$stmt->execute();

$stmt->get_result(); //store_result()
$str = "";
while ($row = $result->fetch_assoc()) {
    $str .= "<option value='".$row['course_id']."'>'".$row['course_name']."'</option>";
}
echo $str;

Your code is open for sql injection.

Read How can I prevent SQL injection in PHP? to prevent it

score -1 · Answer 2 · answered May 26 '16 at 11:29

-1

if $parent_cat get a value, you need to add "single quote", try this

$test="SELECT * FROM courses WHERE field_id = '{$parent_cat}'";

You can also do HAVING instead of WHERE

$test="SELECT * FROM courses HAVING field_id = '{$parent_cat}'";

answered May 26 '16 at 11:29

Marc Giroux

186
1
7
18

i don't have any errors now but i don't have any value returning. i'll try to work it out from there. thank you very much – ash_dev15 May 26 '16 at 11:33
Try to var_dump($parent_cat) to see what the value is. No problem if it helps you ! regards. – Marc Giroux May 26 '16 at 11:36
Wrong suggestion of `HAVING` clause Read when we use HAVING http://www.w3schools.com/sql/sql_having.asp – Saty May 26 '16 at 11:39

Error: Unknown column 'abc' in 'where clause'

2 Answers2