jahicki
jahicki
- New Members
- 9
- Share
Hi Guys & Girls
I have this table:
$sql = "CREATE TABLE " . $Name . "[ id INT[6] UNSIGNED AUTO_INCREMENT PRIMARY KEY, ItemName VARCHAR[30] NOT NULL, ItemWeight VARCHAR[30] NOT NULL, ItemPrice VARCHAR[5], ItemDate DATE ]";& This Query:
& the response I get is:
Error Updating table: Unknown column 'Bacon' in 'field list'.
I believe this to be an SQL issue but I don't know what or why. the HTML and PHP is below relating to this:
Any help would be appreciated.
Edited September 29, 2020 by jahicki- Quote
Barand
Barand
- Moderators
- 22.4k
- 254
- Location: Cheshire, UK
- Age: 72
- Donate to me!
- Share
Given the array values from you previous topic, you should be aiming to generate an SQL string that looks like this
INSERT INTO Pantry [ItemName, ItemWeight, ItemPrice, ItemDate] VALUES ['Bacon', 500, 3.25, '2020-12-12'];1 ] The $name needs to be inside single quotes otherwise it interprets bacon as a column name and not as a string value.
2 ] Your weight and price columns should be numeric types, not varchar [weight int, price decimal[10,2] ].
3 ] Your current date format of 12/12/2020 is not a valid DATE format. Your unquoted date string in that format is interpreted as "12 divide by 12 divide by 2020"
You current method of putting variables inside the SQL string is unsafe. Use prepared statements and pass the values as parameters EG
$stmt = $pdo->prepare[["INSERT INTO Pantry [ItemName, ItemWeight, ItemPrice, ItemDate] VALUES [?,?,?,?] "]; $stmt->execute[ [ $name, $weight, $price, $date ] ];- Quote