[英]“Unknown column in 'field list'”when trying to post thread
I've made a simple forum in which you can log in to post threads. 我做了一个简单的论坛,你可以在其中登录帖子。 I have a users table and a topics table.
我有一个用户表和一个主题表。 When you post a thread it sends information to the topics table containing id, title, message, date and username.
当您发布一个帖子时,它会向包含ID,标题,消息,日期和用户名的主题表发送信息。 The problem is that I can only post threads when logged in with a username containing only digits.
问题是我只能在使用仅包含数字的用户名登录时发布帖子。 I noticed that i had the topic_by (username) on INT which i changed to VARCHAR.
我注意到我在INT上有了topic_by(用户名),我改为VARCHAR。 That didn't fix the problem though, it still only works if you have only digits in your username.
但这并没有解决问题,它仍然只有你的用户名只有数字才有效。 If you try to post with a username containing letters the following line shows up:
如果您尝试使用包含字母的用户名发布,则会显示以下行:
Unknown column 'asd' in 'field list' '字段列表'中的未知列'asd'
I have tried deleting and remaking the table. 我试过删除并重新制作表格。
This is the code that sends the data: 这是发送数据的代码:
$sql="INSERT INTO $tbl_name(topic_id, topic_title, topic_message, topic_date, topic_by)
VALUES ('NULL', '$title', '$message', '$datetime', ".$_SESSION["username"].")";
When you register an account it sends data to the users table including user_name and THAT works with letters and/or digits even though the topic_by row has the same properties. 注册帐户时,它会向users表发送数据,包括user_name,即使topic_by行具有相同的属性,THAT也可以使用字母和/或数字。
This is because you are trying to insert ".$_SESSION["username"]."
这是因为您正在尝试插入
".$_SESSION["username"]."
without surrounding with quotes '
wich are needed since it's not an integer field. 但不带有引号
'
至极需要,因为它不是一个整数字段。 This will makes your database understand your actual username
as a column. 这将使您的数据库将您的实际
username
理解为列。 Simply use quote '".$_SESSION["username"]."'
. 只需使用quote
'".$_SESSION["username"]."'
。
So your code will look like that 所以你的代码看起来就像那样
$sql="INSERT INTO $tbl_name (topic_id, topic_title, topic_message, topic_date, topic_by) VALUES ('NULL', '$title', '$message', '$datetime', '".$_SESSION["username"]."')";
Anyway i would strongly suggest you to use prepared statements
to avoid any security risk, you can read a nice tutorial about PDO
here 无论如何,我强烈建议你使用
prepared statements
来避免任何安全风险,你可以在这里阅读一篇关于PDO
的好教程
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.