Column count doesn't match value count at row 1

Can someone help me pls? I can't figure it out ...

if (isset($_POST['prodotto_cat'])) {

    $product_cat = mysqli_real_escape_string($conn, $_POST['prodotto_cat']);
    $category_cat = mysqli_real_escape_string($conn, $_POST['categoria_cat']);
    $details_cat = mysqli_real_escape_string($conn, $_POST['dettagli_cat']);

    $sql = mysqli_query($conn, "SELECT id FROM prodotti_cat WHERE product_cat='$product_cat' LIMIT 1");
    $productMatch_cat = mysqli_num_rows($sql); // count the output amount
    if ($productMatch_cat > 0) {
        echo 'Mi dispiace, hai inserito un duplicato "Nome prodotto" nel sistema, <a href="admin.php">&nbsp; &nbsp; &nbsp; RITORNA</a>';
        exit();
    }

    $sql = mysqli_query($conn, "INSERT INTO prodotti_cat (product_cat, details_cat, category_cat)
        VALUES('$product_cat','$details_cat','$category_cat',now())") or die(mysqli_error($conn));
    $pid_cat = mysqli_insert_id($conn);
}

1 Answer

You are trying to insert 4 values into 3 columns. Observe:

INSERT INTO prodotti_cat (product_cat,    details_cat,    category_cat)
                  VALUES ('$product_cat', '$details_cat', '$category_cat', now())

What column should hold that now() value?

Either add the fourth column to the column list, or remove the 4th value from the value list.


While you're at it, you should also start looking into what SQL Injection is, because currently your code is potentially open to it. This is a good place to start, as is this. While you are trying to prevent the problem by sanitizing input, that alone is not enough. Instead of trying to prevent users from inputting malicious code, simply don't execute user input as code in the first place.

David
  • I removed the 4th value now() and I get this error now – Daniel Zaharia Sep 23 '17 at 15:20
  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 – Daniel Zaharia Sep 23 '17 at 15:20
  • @DanielZaharia: Then you're going to want to examine your new SQL code and find the syntax error. Note also that it's very difficult to control the syntax of your SQL code when you dynamically build it from user input like that. – David Sep 23 '17 at 15:21
  • Too difficult, I'll just add another value :)), and about SQL injection, is the escape string not enough? – Daniel Zaharia Sep 23 '17 at 15:25
  • @DanielZaharia: Looking at your code is too difficult? You're going to find programming to be pretty challenging then. And yes, escaping the string is not enough. – David Sep 23 '17 at 15:27
  • I added a new value and it works perfectly! Thank you so much, bro! Have a nice weekend. – Daniel Zaharia Sep 23 '17 at 15:32
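
The answer's two points (match the column list to the value list, and don't execute user input as SQL) can be shown together with mysqli prepared statements. This is an added example, not code from the question or the answer; it assumes `$conn` is an already-open mysqli connection, and the function name `insert_product_cat` and the English duplicate message are hypothetical.

```php
<?php
// Added example. Assumes $conn is an open mysqli connection (not shown on the page).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors become exceptions

/**
 * Insert a product unless one with the same name already exists.
 * Returns the new row id, or null when the name is a duplicate.
 * (Hypothetical helper name, introduced for this example.)
 */
function insert_product_cat(mysqli $conn, string $product, string $details, string $category): ?int
{
    // Duplicate check: the value is sent as a bound parameter, never as SQL text,
    // so quotes in the input cannot change the statement's syntax.
    $check = $conn->prepare('SELECT id FROM prodotti_cat WHERE product_cat = ? LIMIT 1');
    $check->bind_param('s', $product);
    $check->execute();
    $check->store_result();
    $exists = $check->num_rows > 0;
    $check->close();
    if ($exists) {
        return null;
    }

    // Three columns, three placeholders, three bound values: the counts match.
    $insert = $conn->prepare(
        'INSERT INTO prodotti_cat (product_cat, details_cat, category_cat) VALUES (?, ?, ?)'
    );
    $insert->bind_param('sss', $product, $details, $category);
    $insert->execute();
    $id = (int) $conn->insert_id;
    $insert->close();
    return $id;
}

if (isset($_POST['prodotto_cat'], $_POST['categoria_cat'], $_POST['dettagli_cat'])) {
    // No mysqli_real_escape_string() here: bound parameters make escaping unnecessary.
    $pid_cat = insert_product_cat(
        $conn,
        $_POST['prodotto_cat'],
        $_POST['dettagli_cat'],
        $_POST['categoria_cat']
    );
    if ($pid_cat === null) {
        echo 'Duplicate product name.'; // constructed message for this example
        exit();
    }
}
```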