SQL syntax
Posted: Sat Mar 03, 2007 2:23 am
by cty007
Can anyone help me edit it into the correct form?
$query="insert into book(buyer) values('".$x."')where id=".$book;
Re: SQL syntax
Posted: Sat Mar 03, 2007 2:52 am
by hrubos
cty007 wrote: Can anyone help me edit it into the correct form?
$query="insert into book(buyer) values('".$x."')where id=".$book;
Code: Select all
$query = "insert into book (id_book, buyer) values ('$book', '$x')";
I hope you will get it.
Posted: Sat Mar 03, 2007 4:02 am
by Mordred
Actually (but I'm guessing your intent) you need UPDATE to update an existing row:
(assuming somewhere above you have escaped x and book, and that you're using mysql, and have magic_quotes disabled)
Code: Select all
$x = mysql_real_escape_string($x);
$book = mysql_real_escape_string($book);
//...
$query = "UPDATE `book` SET `buyer`='$x' WHERE `id`='$book'";
Note which fields are quoted by which quotes.
Posted: Sat Mar 03, 2007 7:07 am
by the_last_tamurai
Yes, you're right, Mordred...
but a question here: are the quotes surrounding the table name, in our example
`book`
mandatory? Because I have some examples that worked without them and others that did not.

Posted: Sat Mar 03, 2007 7:37 am
by Chris Corbyn
They are not mandatory. Placing backticks around table (and column) names simply makes it clearer that they are tables. You do need these if you happen to use a keyword for a table or column name. For example:
Won't work.
But:
Will work

Posted: Sat Mar 03, 2007 7:41 am
by Mordred
Well, if you've seen it work without, then it must mean they're not mandatory.
It is generally a matter of good coding style, but sometimes they are the only way to go. We've had questions here from people having problems with their queries because they used reserved keywords for column names (I recall 'desc' in particular). The backtick quotes (`) prevent any such problems, and I strongly suggest that they be used at all times.
Posted: Sat Mar 03, 2007 7:46 am
by the_last_tamurai
thank YOU

Posted: Sat Mar 03, 2007 1:17 pm
by RobertGonzalez
I will second that... always backtick your database names, table names and field names. I even use them in stored procedures.
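
The thread's two points, keeping user-supplied values out of the SQL text and backtick-quoting identifiers, as an added example that is not part of any post. It swaps Mordred's `mysql_real_escape_string` (the `mysql_*` extension was removed in PHP 7) for PDO bound parameters, and uses in-memory SQLite, which accepts MySQL-style backticks, so it runs offline. The `order` column, the `setBuyer` helper and all sample values are constructed for illustration.

```php
<?php
// Added example: constructed schema and values, not code from the thread.
// Assumes PHP 7+ with the pdo_sqlite extension enabled.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// `order` is a reserved word in both MySQL and SQLite, so the column name
// only parses when it is quoted.
$db->exec('CREATE TABLE `book` (`id` INTEGER PRIMARY KEY, `buyer` TEXT, `order` TEXT)');
$db->exec("INSERT INTO `book` (`id`, `order`) VALUES (7, 'constructed sample row')");

try {
    $db->query('SELECT order FROM book');          // unquoted keyword
} catch (PDOException $e) {
    echo 'unquoted: ', $e->getMessage(), "\n";     // parser rejects the statement
}
echo 'quoted:   ', $db->query('SELECT `order` FROM `book`')->fetchColumn(), "\n";

/**
 * Set the buyer on an existing row (hypothetical helper).
 * Values travel as bound parameters, so they never become part of the SQL
 * text and need no manual escaping. Identifiers cannot be bound; they stay
 * fixed and backtick-quoted in the statement itself.
 * Returns the number of rows changed.
 */
function setBuyer(PDO $db, $book, string $x): int
{
    // Reject anything that is not an integer id before touching the database.
    if (filter_var($book, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('book id must be an integer');
    }
    $stmt = $db->prepare('UPDATE `book` SET `buyer` = :buyer WHERE `id` = :id');
    $stmt->execute([':buyer' => $x, ':id' => (int) $book]);
    return $stmt->rowCount();
}

$x = "O'Brien";   // constructed value containing a quote character
echo 'rows changed for id 7:  ', setBuyer($db, '7', $x), "\n";
echo 'stored buyer:           ',
    $db->query('SELECT `buyer` FROM `book` WHERE `id` = 7')->fetchColumn(), "\n";
echo 'rows changed for id 99: ', setBuyer($db, 99, $x), "\n";   // no such row

try {
    setBuyer($db, '7 OR 1=1', $x);   // constructed non-integer id
} catch (InvalidArgumentException $e) {
    echo 'rejected id: ', $e->getMessage(), "\n";
}
```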