JQuery POST to PHP not working "Unknown column"?

May 2, 2021

/*post.php*/
$id= $_POST['id']; 
$meta_title= $_POST['meta_title']; 
$meta_description= $_POST['meta_description']; 
$site_url=$_POST['site_url'];

/*mysql database connect*/

$query= "INSERT INTO `removedname`(`id`, `meta_title`, `meta_description`, `site_url`, `platform`) VALUES ($id,$meta_title,$meta_description,$site_url,'null')";

<!-- index.php -->

                        <script>
                           function SubmitFormData() {
                           var id = $("#id").val();
                           var meta_title = $("#meta_title").val();
                           var meta_description = $("#meta_description").val();
                           var site_url = $("#site_url").val();
                           $.post("post.php", { id: id, meta_title: meta_title , meta_description: meta_description , site_url: "site_url"},
                           function(data) {
                           $('#results').html(data);
                           $('#myForm')[0].reset();
                           });
                        }
                        </script>
                           <div id="results">
                           <form id="myForm" method="post">
                              <?php $rand=rand(10,2000);?>
                                 <input type="text" placeholder="<?= $rand?>" disabled id="id" require name="id" value="<?= $rand?>">
                                 <input type="hidden" id="id" name="id" value="<?= $rand?>">
                                 <input type="text" placeholder="Search name" id="meta_title" required name="meta_title"><br>
                                 <input type="text" placeholder="Site url (HTTP needed)" id="site_url" required name="site_url">
                                 <input type="text" placeholder="URL Desc" id="meta_description" required name="meta_description"><br>
                                 <input type="button" id="submitFormData" onclick="SubmitFormData();" value="Submit" />
                                 </form>
                        </div>

When i press Submit, If i have numbers inside the form (i.e.: site_url: 1234) It posts fine, but when i add Letters, something Skips it fully, or Gives an error. This is what i post to get the error

form breakdown

ID - meta_title

site_url - meta_description

and returns

C2dan88 · May 2, 2021

The values in your sql query need to wrapped in quotes otherwise mysql will think the text based values you are inserting are referring to other sql syntax, ie column names hence the sql error

$query= "INSERT INTO `removedname`(`id`, `meta_title`, `meta_description`, `site_url`, `platform`) VALUES ($id,'$meta_title','$meta_description','$site_url','null')";

That wll fix your error. But you should not be placing variables into a sql query like that without first sanitizing it to make safe to use in your query. Otherwise your code will be easily hackable with sql injections

https://phpdelusions.net/sql_injection

A better way of running sql queries is prepared queries.

https://phpdelusions.net/mysqli_examples/insert