SQL syntax

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

cty007
Forum Newbie
Posts: 9
Joined: Thu Dec 14, 2006 11:15 pm

SQL syntax

Post by cty007 »

Can anyone help me edit it into the correct form?


$query="insert into book(buyer) values('".$x."')where id=".$book;
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Re: SQL syntax

Post by hrubos »

cty007 wrote: Can anyone help me edit it into the correct form?


$query="insert into book(buyer) values('".$x."')where id=".$book;

Code: Select all

// Single quotes delimit the SQL values inside the double-quoted PHP string
$query = "insert into book (id_book, buyer) values ('$book', '$x')";
I hope you will get it.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Actually (but I'm guessing your intent) you need UPDATE to update an existing row:
(assuming somewhere above you have escaped x and book, and that you're using mysql, and have magic_quotes disabled)

Code: Select all

$x = mysql_real_escape_string($x);
$book = mysql_real_escape_string($book);
//...
$query = "UPDATE `book` SET `buyer`='$x' WHERE `id`='$book'";
Note which fields are quoted by which quotes.
the_last_tamurai
Forum Commoner
Posts: 87
Joined: Wed Feb 28, 2007 8:24 am
Location: cairo

Post by the_last_tamurai »

Yes, you're right Mordred...
but a question here... are the quotes surrounding the table name, in our example
`book`
mandatory? Because I have some examples that worked without them and others that did not 8O
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

They are not mandatory. Placing backticks around table (and column) names simply makes it clearer that they are tables. You do need these if you happen to use a keyword for a table or column name. For example:

Code: Select all

SELECT delete FROM update
Won't work.

But:

Code: Select all

SELECT `delete` FROM `update`
Will work :)
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Well, if you've seen it work without, then it must mean they're not mandatory :)

It is generally a matter of good coding style, but sometimes they are the only way to go. We've had questions here from people having problems with their queries because they used reserved keywords for column names (I recall 'desc' in particular). The backtick quotes (`) prevent any such problems, and I strongly suggest them to be used at all times.
the_last_tamurai
Forum Commoner
Posts: 87
Joined: Wed Feb 28, 2007 8:24 am
Location: cairo

Post by the_last_tamurai »

thank YOU :)
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I will second that... always backtick your database names, table names and field names. I even use them in stored procedures.
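
The UPDATE from Mordred's post with the values sent as bound parameters, plus an allowlisted backtick-quoting helper for identifiers (which cannot be bound), as an added example that is not part of the original thread. It assumes PHP 7 or later with the pdo_sqlite extension (mysql_real_escape_string() was removed in PHP 7.0); `quoteIdentifier` and `setBuyer` are hypothetical helper names, and the in-memory table and inputs are constructed.

```php
<?php
// Added example, not code from the thread. Table and column names follow
// Mordred's post; the in-memory SQLite database and sample rows are constructed
// so the script runs offline (SQLite accepts MySQL-style backtick quoting).

// Identifiers cannot be bound as parameters, so check them against an
// allowlist and backtick-quote them (doubling any embedded backtick).
function quoteIdentifier(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("Unknown identifier: $name");
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Hypothetical helper: sets one allowlisted column of `book` for one row
// and returns the number of rows changed.
function setBuyer(PDO $db, string $column, string $buyer, int $bookId): int
{
    $col = quoteIdentifier($column, ['buyer']);
    // Values travel as bound parameters, never spliced into the SQL text.
    $stmt = $db->prepare("UPDATE `book` SET $col = :buyer WHERE `id` = :id");
    $stmt->bindValue(':buyer', $buyer, PDO::PARAM_STR);
    $stmt->bindValue(':id', $bookId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `book` (`id` INTEGER PRIMARY KEY, `buyer` TEXT)');
$db->exec('INSERT INTO `book` (`id`, `buyer`) VALUES (1, NULL), (2, NULL)');

// Constructed input containing a quote character and a comment marker.
$x = "O'Brien' -- ";
$changed = setBuyer($db, 'buyer', $x, 1);
$stored = $db->query('SELECT `buyer` FROM `book` WHERE `id` = 1')->fetchColumn();

// The value is stored byte for byte and only the targeted row changed.
var_dump($changed === 1, $stored === $x);

// A column name that is not on the allowlist is refused before any SQL runs.
try {
    setBuyer($db, 'price', $x, 1);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```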