Felix F. Felix F. - 7 months ago 10
PHP Question

Insert POST Variable into Mysql depending on SESSION Variable

I'm trying to implement this:

$sql = "INSERT INTO users (location) WHERE social_id='".$_SESSION["FBID"]."' VALUES ('".$_POST["location"]."')";


So the Location value comes from a form, however, the WHERE is needed obviously because it needs to go into the correct row for the user.
This doesn't work, maybe someone knows if hyphens are misplaced?

Answer

you should have a look at this: MySQL Insert Where query

You don't want to insert, but update a record. You always insert a complete row - not a single column of an existing row. You use update for that. Therefore there is no need to use where when inserting.

Lookking at your problem it should be something like

UPDATE users SET location = $_POST["location"] where social_id = $_SESSION["FBID"]

As mentioned in the comment above you should, however still escape at least the location variable before inserting it.

Have a look at "mysql prepared statements"

Comments