Link to home
Start Free TrialLog in
Avatar of ShaileshShinde
ShaileshShindeFlag for India

asked on

Adding value into mysql database

Hello Experts,

I am trying to add the value from the select element into mysql database table like below...

<td align="center"><form method="POST"><select name="ss1" type="list">
		<option value="0">0</option>
		<option value="1">1</option>
		<option value="2">2</option>
		<option value="3">3</option>
		</select><input type="submit"/></form></td>
<?php
		$name=$_POST['ss1'];
		$query=mysql_query("SELECT test FROM test_1 WHERE id='1' AND testid='2'");
	"The above query returns returns the resource id #12. "
	$row = mysql_fetch_row($query);
		$query1 = mysql_query("INSERT INTO '$row' VALUES ('$name')");
		mysql_query($query1);
        
        ?>

Open in new window


The value were not get inserted into the table in the column "test".
Can you suggest what's gone wrong in the above code or is there any better way to do this?

Thanks in Advance!
Shail
Avatar of Chris Sandrini
Chris Sandrini
Flag of Switzerland image
Hi

Your mysql Syntax is wrong. You need to tell in what table it has to store. Do you want to insert a new row or update it?

To insert a new value you would do
$query1 = mysql_query("INSERT INTO test_1 SET test = '{$name}'");

Open in new window



Read
http://dev.mysql.com/doc/refman/5.1/en/insert.html

PS: You should mysql_real_escape_string your vairables that are beeing passed by POST or GET to prevent people of misusing it

Change
$name=$_POST['ss1']

Open in new window


to

$name=mysql_real_escape_string($_POST['ss1']);

Open in new window

Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image
The standard syntax for an INSERT statement is 

INSERT INTO table_name (`field1`,`field2`, ...) VALUES ('value1','value2', ...);

Open in new window

Note: it is recemmonded you use backtics [`] to enclose your fieldnames to avoid having the query fail because a fieldname happens to be a reserved word.
String values should be enclosed in single quotes;

Any string value you send to the database should be "cleaned" with mysql_real_escape_string.

Example
INSERT INTO table_name (`field1`,`field2`, ...) 
  VALUES (
    mysql_real_escape_string($value1),
    mysql_real_escape_string($value2),
    ...

Open in new window

Integer values do not need quotes but will work with or without them. Date values need to be submitted as strings usually in the form yyyy-mm-dd.
Avatar of ShaileshShinde
ShaileshShinde
Flag of India image

ASKER

Hello Expert,
I would like to insert the value into the table "test_1" in column "test". the table were already been created with data entered for other columns. this particular column rows were empty in which i would like to insert the values in the row where id='1' and testid='2'.
table looks like below...
id,testid,test_1
1,2,
2,3,

Here test_1 column is blank, needs to add the value where id='1' and testid='2'.

Open in new window


Thanks,
Shail
ASKER CERTIFIED SOLUTION
Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of ShaileshShinde
ShaileshShinde
Flag of India image

ASKER

Thanks Expert.