• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 442
  • Last Modified:

Adding value into mysql database

Hello Experts,

I am trying to add the value from the select element into mysql database table like below...

<td align="center"><form method="POST"><select name="ss1" type="list">
		<option value="0">0</option>
		<option value="1">1</option>
		<option value="2">2</option>
		<option value="3">3</option>
		</select><input type="submit"/></form></td>
<?php
		$name=$_POST['ss1'];
		$query=mysql_query("SELECT test FROM test_1 WHERE id='1' AND testid='2'");
	"The above query returns returns the resource id #12. "
	$row = mysql_fetch_row($query);
		$query1 = mysql_query("INSERT INTO '$row' VALUES ('$name')");
		mysql_query($query1);
        
        ?>

Open in new window


The value were not get inserted into the table in the column "test".
Can you suggest what's gone wrong in the above code or is there any better way to do this?

Thanks in Advance!
Shail
0
ShaileshShinde
Asked:
ShaileshShinde
  • 2
  • 2
1 Solution
 
Chris SandriniSenior System EngineerCommented:
Hi

Your mysql Syntax is wrong. You need to tell in what table it has to store. Do you want to insert a new row or update it?

To insert a new value you would do
$query1 = mysql_query("INSERT INTO test_1 SET test = '{$name}'");

Open in new window



Read
http://dev.mysql.com/doc/refman/5.1/en/insert.html

PS: You should mysql_real_escape_string your vairables that are beeing passed by POST or GET to prevent people of misusing it

Change
$name=$_POST['ss1']

Open in new window


to

$name=mysql_real_escape_string($_POST['ss1']);

Open in new window

0
 
Julian HansenCommented:
The standard syntax for an INSERT statement is

INSERT INTO table_name (`field1`,`field2`, ...) VALUES ('value1','value2', ...);

Open in new window

Note: it is recemmonded you use backtics [`] to enclose your fieldnames to avoid having the query fail because a fieldname happens to be a reserved word.
String values should be enclosed in single quotes;

Any string value you send to the database should be "cleaned" with mysql_real_escape_string.

Example
INSERT INTO table_name (`field1`,`field2`, ...) 
  VALUES (
    mysql_real_escape_string($value1),
    mysql_real_escape_string($value2),
    ...

Open in new window

Integer values do not need quotes but will work with or without them. Date values need to be submitted as strings usually in the form yyyy-mm-dd.
0
 
ShaileshShindeAuthor Commented:
Hello Expert,
I would like to insert the value into the table "test_1" in column "test". the table were already been created with data entered for other columns. this particular column rows were empty in which i would like to insert the values in the row where id='1' and testid='2'.
table looks like below...
id,testid,test_1
1,2,
2,3,

Here test_1 column is blank, needs to add the value where id='1' and testid='2'.

Open in new window


Thanks,
Shail
0
 
Julian HansenCommented:
Then you need to use an update statement not an insert.

Update is for when the row already exists but in order to update the table you need a means to specify the row you want to update.

the syntax is
$query = "UPDATE test_1 SET test='$test' WHERE id=1 AND testid=2";

Open in new window

This will update the row that has id=1 and testid=2 - change if you need to update a different row.
0
 
ShaileshShindeAuthor Commented:
Thanks Expert.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now