Getting an error in this Query

Question

function saveFile($catId,$docuTitle,$linkTitle) {

 $result = mysql_query("INSERT INTO categories (cd_title, cd_link)
                       VALUES ('$docuTitle','$linkTitle') WHERE c_name = '$catID'");    

      return 'yes';

     }

I want to insert the cd title and cd links based on the catergory selected.

Answer 1

Edit: Scott Saunders is right, you can't have a WHERE statement in an INSERT query.

Original answer: You should give more info about the error, but you probably have a simple quote (') in on of the variables $docuTitle or $linkTitle, resulting in a malformed query.

You should escape these variables, as well as $catId, with mysql_real_escape_string() before using them in requests, or else your app will be vulnerable to SQL Injection.

You should read some docs about PDO, it is a great tool to avoid this kind of mistakes in SQL queries, and it helps a lot for evolutivity and maintainability.

Answer 2

You probably want:

INSERT INTO categories (cd_title, cd_link, c_name) VALUES ('$docuTitle','$linkTitle', '$catID')

Unless you're updating existing rows, then change 'INSERT INTO' to 'UPDATE'

Answer 3

you are combining an INSERT statement and an UPDATE statement.

You need to choose the correct syntax:

INSERT INTO [TABLE] [COLUMNS] VALUES [VALUES]

UPDATE [TABLE] SET [COLUMNS] = [VALUE] WHERE [where clause]