function saveFile($catId,$docuTitle,$linkTitle) {
$result = mysql_query("INSERT INTO categories (cd_title, cd_link)
VALUES ('$docuTitle','$linkTitle') WHERE c_name = '$catID'");
return 'yes';
}
I want to insert the cd title and cd links based on the catergory selected.
我想根据所选的catergory插入cd标题和cd链接。
3 个解决方案
#1
Edit: Scott Saunders is right, you can't have a WHERE statement in an INSERT query.
编辑:Scott Saunders是对的,你不能在INSERT查询中有一个WHERE语句。
Original answer: You should give more info about the error, but you probably have a simple quote (') in on of the variables $docuTitle or $linkTitle, resulting in a malformed query.
原始答案:您应该提供有关错误的更多信息,但您可能在变量$ docuTitle或$ linkTitle中有一个简单的引号('),导致查询格式错误。
You should escape these variables, as well as $catId, with mysql_real_escape_string() before using them in requests, or else your app will be vulnerable to SQL Injection.
你应该在使用mysql_real_escape_string()之前使用mysql_real_escape_string()来转义这些变量以及$ catId,否则你的应用程序将容易受到SQL注入攻击。
You should read some docs about PDO, it is a great tool to avoid this kind of mistakes in SQL queries, and it helps a lot for evolutivity and maintainability.
您应该阅读一些关于PDO的文档,它是一个很好的工具,可以避免SQL查询中的这种错误,并且它对于进化和可维护性有很大帮助。
#2
You probably want:
你可能想要:
INSERT INTO categories (cd_title, cd_link, c_name) VALUES ('$docuTitle','$linkTitle', '$catID')
Unless you're updating existing rows, then change 'INSERT INTO' to 'UPDATE'
除非您要更新现有行,否则请将“INSERT INTO”更改为“UPDATE”
#3
you are combining an INSERT statement and an UPDATE statement.
您正在组合INSERT语句和UPDATE语句。
You need to choose the correct syntax:
您需要选择正确的语法:
INSERT INTO [TABLE] [COLUMNS] VALUES [VALUES]
UPDATE [TABLE] SET [COLUMNS] = [VALUE] WHERE [where clause]
#1
Edit: Scott Saunders is right, you can't have a WHERE statement in an INSERT query.
编辑:Scott Saunders是对的,你不能在INSERT查询中有一个WHERE语句。
Original answer: You should give more info about the error, but you probably have a simple quote (') in on of the variables $docuTitle or $linkTitle, resulting in a malformed query.
原始答案:您应该提供有关错误的更多信息,但您可能在变量$ docuTitle或$ linkTitle中有一个简单的引号('),导致查询格式错误。
You should escape these variables, as well as $catId, with mysql_real_escape_string() before using them in requests, or else your app will be vulnerable to SQL Injection.
你应该在使用mysql_real_escape_string()之前使用mysql_real_escape_string()来转义这些变量以及$ catId,否则你的应用程序将容易受到SQL注入攻击。
You should read some docs about PDO, it is a great tool to avoid this kind of mistakes in SQL queries, and it helps a lot for evolutivity and maintainability.
您应该阅读一些关于PDO的文档,它是一个很好的工具,可以避免SQL查询中的这种错误,并且它对于进化和可维护性有很大帮助。
#2
You probably want:
你可能想要:
INSERT INTO categories (cd_title, cd_link, c_name) VALUES ('$docuTitle','$linkTitle', '$catID')
Unless you're updating existing rows, then change 'INSERT INTO' to 'UPDATE'
除非您要更新现有行,否则请将“INSERT INTO”更改为“UPDATE”
#3
you are combining an INSERT statement and an UPDATE statement.
您正在组合INSERT语句和UPDATE语句。
You need to choose the correct syntax:
您需要选择正确的语法:
INSERT INTO [TABLE] [COLUMNS] VALUES [VALUES]
UPDATE [TABLE] SET [COLUMNS] = [VALUE] WHERE [where clause]