ansaurus

Question

Answer 1

+2 A:

No your code is not correct. You are adding a new row to your table not updating existing values. To update existing values, you want to use an update statement:

Upate a specific record

mysql_query("Update login SET nameOfYourColumn = '$cleanURL' WHERE primaryKey = idOfRowToUpdate")

To update the entire table

mysql_query("Update login SET nameOfYourColumn = '$cleanURL'")

Tommy 2010-07-12 13:00:52

Probably want quotes around the variable, but this.

Ignacio Vazquez-Abrams 2010-07-12 13:02:26

added them, thanks for pointing out the missing quotes.

Tommy 2010-07-12 13:05:55

Thanks... this looks promising... but now it's just putting a blank / null entry into the field. Any idea why that would happen?

John 2010-07-12 14:33:10

Have you set $cleanURL correctly?

Tommy 2010-07-12 14:55:43

Thanks... I posted another question and people pointed out that I had left the quotes off of $cleanurl.

John 2010-07-13 01:19:57

Answer 2

+1 A:

First off: INSERT adds a new record to a table, UPDATE updates (overwrites) one or more existing records.

Second: UPDATE needs to know the name of the column to update, and which rows to update

UPDATE <tableName>
   SET <columnName> = '$cleanurl'
 WHERE <some condition to identify which record should be updated>

Thirdly: it's probably worth your while reading a few basic tutorials on MySQL/SQL

Mark Baker 2010-07-12 13:02:41

Answer 3

+1 A:

If I've understood your question then the answer is "no". This isn't a mysql specific issue either, it's a generic SQL question. I'd strongly recommend going through an SQL tutorial, the best one I know if is here:

http://philip.greenspun.com/sql/

To answer your question, you should be able to do:

mysql_query("UPDATE login SET foo = '$cleanurl'");

where "foo" is the name of the tenth field.

A few other comments though:

Firstly, don't rely on the position of your fields, always explicitly list the field names. For example, it's better to go

INSERT INTO login (id, name) VALUES (1, 'Fred')

instead of

INSERT INTO login VALUES (1, 'Fred')

Point 2: You have directly embedded the value of $cleanurl into your query. Of course, you have to learn one thing at a time but be aware that this is very dangerous. If $cleanurl contains something like "'); DROP TABLE login;" then you might be in trouble. This is called SQL injection and is the source of constant security problems. Without going into too much detail, you should learn how to use prepared statements.

Point 3: PHP comes with a library called PDO which supports prepared statements. It also provides a common API for interacting with your database so if you find that you need to move from Mysql to another DBMS, PDO will abstract away most of the differences. By using the mysql_query function you lock yourself into using mysql.

You don't have to address all of these issues simultaneously but don't forget about them either, once you get familiar with PHP and SQL come back to the points about PDO and prepared statements.

Good luck,

-Phil

PhilDin 2010-07-12 13:12:57

ansaurus

tags:

views:

answers:

Overwriting data in a MySQL table

related questions