Unknown column in 'field list"

0
votes

i keep getting this error when trying to update/insert a record:

Unknown column 'test' in 'field list' SQL=INSERT INTO oovea_vehiclemanager_feature_vehicles (fk_vehicleid, fk_featureid, fk_value) VALUES (13, 56, test)

Here is the form I have setup:

<?php
if (isset($_POST['feature'])){
    $feature = $_POST['feature'];
    $featureInput = $_POST['featureInput'];
    $database->setQuery("DELETE FROM #__vehiclemanager_feature_vehicles WHERE fk_vehicleid = " . $vehicle->id);
    $database->query();
    for ($i = 0; $i < count($feature); $i++) {
        $database->setQuery("INSERT INTO #__vehiclemanager_feature_vehicles (fk_vehicleid, fk_featureid, fk_value) VALUES (" . $vehicle->id . ", " . $feature[$i] . ", " . $featureInput[$i] . ")");
        $database->query();
    }
}
?>

And here is my form fields:

<?php 
if($vehicle_feature[$i]->name): ?>
<div class="checkbox_vm">   
    <input type="checkbox" class="checkbox_veh" id="checkbox_addveh<?php echo $i; ?>" <?php if ($vehicle_feature[$i]->check) echo "checked"; ?> name="feature[]" value="<?php echo $vehicle_feature[$i]->id; ?>">   
    <label for="checkbox_addveh<?php echo $i; ?>"><?php echo $vehicle_feature[$i]->name; ?></label>    
    <input type="text" class="" id="input_addveh<?php echo $i; ?>" name="featureInput[]" value="<?php echo $vehicle_feature[$i]->value; ?>">    
</div>
<?php endif; ?>

Obviously, from the error above, I can see that the value for the featureInput field is being posted, and the syntax for my "INSERT INTO" looks correct. Also, it will work if i simply remove the column for "fk_value","$featureInput[$i].

2
phpsql
you need to put quotes around test assuming it is a string , else i t will be treated as an identifier / field - Doon
It does not look correct, VALUES (13,56, 'test') would be correct. - Ingo
BTW, ever heard about SQL injection? - Ingo
why was this question down voted? - spojam
I always consider downvoting without explaining why to be an act of cowardice. - Dan Bracuk

2 Answers

1
votes

Try to use single quotes:

VALUES ('" . $vehicle->id . "', '" . $feature[$i] . "', '" . $featureInput[$i] . "')
1
votes

You haven't properly quoted your string data in your query.

Try this:

<?php
if (isset($_POST['feature'])) {
    $feature = $_POST['feature'];
    $featureInput = $_POST['featureInput'];
    $database->setQuery("DELETE FROM #__vehiclemanager_feature_vehicles WHERE fk_vehicleid = $vehicle->id");
    $database->query();
    for ($i = 0; $i < count($feature); $i++) {
        $database->setQuery("INSERT INTO #__vehiclemanager_feature_vehicles (fk_vehicleid, fk_featureid, fk_value) VALUES ($vehicle->id,$feature[$i],'$featureInput[$i]')");
        $database->query();
    }
}
?>

You also have some serious SQL injection issues you need to deal with otherwise an attacker could very easily hack your database.