Hi,
I am sure this question has been asked many times before, but the answers I have found so far don't fit my problem exactly.
I know that the normal reason for getting this message is the the field really doesn't exist or is misspelled. And for all intent and purpose this is true in my case. The column really doesn't exist, simply because it's not supposed to.
To explain, the script shown below is supposed to check for the existence of a username before a new one is created. What is happening is that the username to be tested is being inserted into the SQL statement as the column instead of the test.
so instead of the statement reading SELECT 'user' FROM users WHERE 'users' = % it reads SELECT 'user' FROM users WHERE 'testusername' = % which is wrong.
I have manged to fix this problem in the past by making very minor typing adjustments but in this one that makes no difference. I am now at a bit of a loss.
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="register_exist.php";
$loginUsername = $_POST['user'];
$LoginRS__query = sprintf("SELECT `user` FROM users WHERE `user` = %s", GetSQLValueString($loginUsername, "-1"));
mysql_select_db($database_gsmres, $gsmres);
$LoginRS=mysql_query($LoginRS__query, $gsmres) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found - can not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO users (`user`, pwd, firstname, surname, email_address, location, occupation) VALUES (%s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['user'], "text"),
GetSQLValueString($_POST['pwd'], "text"),
GetSQLValueString($_POST['firstname'], "text"),
GetSQLValueString($_POST['surname'], "text"),
GetSQLValueString($_POST['email_address'], "text"),
GetSQLValueString($_POST['location'], "text"),
GetSQLValueString($_POST['occupation'], "text"));
mysql_select_db($database_gsmres, $gsmres);
$Result1 = mysql_query($insertSQL, $gsmres) or die(mysql_error());
$insertGoTo = "registered.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
Uknown column '???' in where clause
Moderator: General Moderators