I'm having trouble making SQL injection work with an INSERT statement and I'm not sure what I'm doing wrong. The PHP code for the SQL request looks like this:
```php
mysql_query("INSERT INTO txtcomment (id,comment) VALUES ('" . $_POST['id'] . "','" . $_POST['comment']. "')")
```
Whenever I try to insert into the comment field, it doesn't seem to work. If I attempt to insert into the ID field, it gives me the error "ERROR: Data truncated for column "id" at row 1". It does that even if I just add a ' to the id parameter. If I put a character other than a number into the ID field, I get the error "ERROR: Out of range value adjusted for column "id" at row 1".
When I attempt it in the comment field, my whole query goes into the database, special characters and all. There doesn't seem to be any escaping done in the PHP code, so I can't tell why I can't get it to work.
Any obvious mistakes I'm making?
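
For defenders reading this question, here is the INSERT above rewritten with input validation and bound parameters, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database standing in for the MySQL server; `insert_comment`, the length limit and the sample inputs are constructed for illustration.

```php
<?php
// Added example: hardened form of the INSERT from the question.
// Assumption: an in-memory SQLite database replaces MySQL so this runs offline.
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false so the server
// receives the statement and the values separately.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE txtcomment (id INTEGER NOT NULL, comment TEXT NOT NULL)');

// Hypothetical helper: validate first, then bind values instead of concatenating.
function insert_comment(PDO $pdo, array $post): bool
{
    // id must be a non-negative decimal integer; arrays, quotes and letters fail here.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 0]]);
    $comment = $post['comment'] ?? null;

    // Assumed limit of 2000 bytes for a comment; adjust to the real column size.
    if ($id === false || !is_string($comment) || strlen($comment) > 2000) {
        return false;
    }

    // Placeholders keep the values out of the SQL text, so quotes and
    // parentheses in the comment are stored as data and never parsed as SQL.
    $stmt = $pdo->prepare('INSERT INTO txtcomment (id, comment) VALUES (:id, :comment)');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':comment', $comment, PDO::PARAM_STR);
    return $stmt->execute();
}

// Constructed sample requests (stand-ins for $_POST).
$samples = [
    ['id' => '7',   'comment' => "it's a plain comment"],
    ['id' => "7'",  'comment' => 'id carries a stray quote'],
    ['id' => 'abc', 'comment' => 'id is not numeric'],
    ['id' => '8',   'comment' => "quote ' and paren ) stay data"],
];

foreach ($samples as $post) {
    $result = insert_comment($pdo, $post) ? 'stored' : 'rejected';
    printf("%-8s => %s\n", json_encode($post['id']), $result);
}

// Show what actually reached the table.
foreach ($pdo->query('SELECT id, comment FROM txtcomment') as $row) {
    printf("%d | %s\n", $row['id'], $row['comment']);
}
```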