“尝试发布帖子时，'字段列表'中的未知列”

Question

I've made a simple forum in which you can log in to post threads. I have a users table and a topics table. When you post a thread it sends information to the topics table containing id, title, message, date and username. The problem is that I can only post threads when logged in with a username containing only digits. I noticed that i had the topic_by (username) on INT which i changed to VARCHAR. That didn't fix the problem though, it still only works if you have only digits in your username. If you try to post with a username containing letters the following line shows up:

Unknown column 'asd' in 'field list'

I have tried deleting and remaking the table.

This is the code that sends the data:

$sql="INSERT INTO $tbl_name(topic_id, topic_title, topic_message, topic_date, topic_by)
      VALUES ('NULL', '$title', '$message', '$datetime', ".$_SESSION["username"].")";

When you register an account it sends data to the users table including user_name and THAT works with letters and/or digits even though the topic_by row has the same properties.

Answer 1

This is because you are trying to insert ".$_SESSION["username"]." without surrounding with quotes ' wich are needed since it's not an integer field. This will makes your database understand your actual username as a column. Simply use quote '".$_SESSION["username"]."' .

So your code will look like that

$sql="INSERT INTO $tbl_name (topic_id, topic_title, topic_message, topic_date, topic_by) VALUES ('NULL', '$title', '$message', '$datetime', '".$_SESSION["username"]."')";

Anyway i would strongly suggest you to use prepared statements to avoid any security risk, you can read a nice tutorial about PDO here