5 replies to this topic

[Whitey]

Heres the code

function procSubmitEmployee(){

   	global $session, $form;

	$name = $_POST["name"];

	$len = strlen($name);

	// Only Write To Database If There's A Name

	if ($len > 0)

	{

		$image = $_POST["suburl"];

		$bio = $_POST["bio"];

		$height = $_POST["height"];

		$width = $_POST["width"];

		

		$query = "INSERT INTO profiles (name, bio, imageurl, height, width) VALUES ('$name', '$bio', '$image', '$height', '$width')";

		mysql_query($query, @mysql_connect(DB_SERVER, DB_USER, DB_PASS)) or die(mysql_error());

		include("header2.inc");

		echo("<center><font size='4'><font color='red'>Post has been submitted! Will redirect in 2 seconds</center></font>");

		echo("<META HTTP-EQUIV='refresh' CONTENT='2;main.php'>");

		//header("location:news.php");

		include("footer.inc");

	}

		}

Heres the error

Unknown column 'bio' in 'field list'

Now here are my fields

        name  	     varchar(30) 	  No  	

	bio 	       text 		       No

	imageurl     text		    Yes 	 NULL 		

	height 	      int(3) 	             Yes 	  NULL

	width 	      int(3) 		     Yes 	  NULL 	

[John]

Two things jump out at me:

1) If $image is a URL that contains slashes [ http:// ] you might want to try stripping the slashes.

2) $height and $width are strings yet your mysql table is expecting integers.

[Whitey]

Those weren't the problem i figured it out.. it was a goofy error.. but the image is a string that contains integers.. if you get what i mean. and the http:// works fine.. :D

[Whitey]

In the query i had profiles it was suppose to be profile haha

[John]

Just a piece of advice. You should never directly query your database with variables that can be altered by the user [GET/POST/REQUEST] as that makes your code open to SQL Injections. Read my tutorial in the security tutorials section for more information. :)