MySQL Insert with PHP

Question

Hi everyone im stuck with this code im practically new to php... what im trying to do is,im trying to insert into the database one field called Id_Obj and its a VarChar but when im trying to send it it tells me "Unknown Column 'Id_Obj4' in 'field List' i really got no idea what to do the insert looks like this i forgot it was different when passing a variable and just the string so it really look like this i was lazy the first time sorry :S

while($info=mysql_fetch_Array($data))
{
print "name :".$info['Id']." ";
$count=$info['Id'];
}
    $t="INSERT INTO Table_Faces(Id_Obj,Num_Sides)VALUES(";
    $t = $t."IdObj$count".",".$_GET["ns"];
    $t = $t.")";
    mysql_query($t);

the fields in the database are Id,Id_Obj,Num_Sides

help me please

Answer 1

The problem is the values in your query should be quoted. Try this:

$t='INSERT INTO Table_Faces(Id_Obj,Num_Sides)VALUES(';
$t .= '"IdObj' . $count . '", "' . $_GET["ns"] . '")';
mysql_query($t);

Note that you are explicitly pasting an $_GET[] variable into your query, which is a direct security issue, everybody who has the URL can use SQL injection.

Answer 2

Are you trying to create a new field called Id_Obj4 in the table Table_Faces or are you trying to add a value of Id_Obj4 into the field Id_Obj?

Try

$t  = 'INSERT INTO Table_Faces (Id_Obj, Num_Sides) VALUES ';
$t .= '("IdObj' . $count . '", "' . $_GET['ns'] . '")';

Note that there's a massive potential for Bobby Tables errors right there.

Answer 3

You need quotes around your insert values

while($info=mysql_fetch_Array($data))
{
    print "name :".$info['Id']." ";
    $count=$info['Id'];
}

$t="INSERT INTO Table_Faces(Id_Obj,Num_Sides)VALUES(";
$t = $t."'IdObj$count'".",'".$_GET["ns"]."'";
$t = $t.")";
mysql_query($t);

ie INSERT INTO Table_Faces (Id_Obj, Num_Sides) VALUES('asdf','foo')

I also recommend you use mysql_real_escape_string on all of the variables you are inserting in a table to avoid SQL injection attacks.