I have a PHP Script with the following code:
$sql = "UPDATE tbl_p2e_place
SET
`listingName` = $listing_name, `listingDescription` = $listing_description,
`listingSpecialOffers` = $listing_special_offers, `listingFoodTypes` = $listing_food_types,
`listingAddress` = $listing_address, `CityID` = $listing_city,
`listingGPSSouth` = $gps_coordinate_south, `listingGPSEast` = $gps_coordinate_east,
`listingLatitude` = $map_latitude, `listingLongitude` = $map_longitude,
`listingTime` = $listing_timing, `listingNumber` = $booking_number,
`listingEmail` = $email_address, `listingWebsite` = $lisiting_website,
`listingTwitter` = $lisiting_twitter, `listingFacebook` = $lisiting_facebook,
`listingIsFeatured` = $is_featured, `listingDisplay` = $display
WHERE listingID = $listing_id";
if(!mysql_query($sql))
{
die('Update Error: ' . mysql_error());
}
mysql_close($con);
The problem arises when I want to run the query I get the following error:
Update Error: Unknown column 'Shop' in 'field list'
Shop was entered as a input from the form.
What could cause this and how can I stop it?
Regards
use '' for the variables like
"UPDATE tbl_p2e_place
SET
`listingName` = '".$listing_name."'................and so on
You need to put quotes around the variables in your query
Another important issue: you say this information comes from a form. Look up SQL Injection and query sanitation!
Use PDO, parametrized queries, or some kind of ADO abstraction layer.
What you are doing is prone to holes like SQL Injection, and to the errors which you just got. Of course, the easiest way to solve this exact problem, is to put apostrophes around the values, because, logically, the SQL string now looks like this:
....
`listingDisplay` = some value without quotes
and of course, MySQL Server will tell you that there is no column named 'some', and that you are missing commas, when in fact you are missing apostrophes around the value.
`listingIsFeatured` = '$is_featured', `listingDisplay` = '$display'