9 Replies - 1563 Views - Last Post: 12 July 2013 - 01:41 PM Rate Topic: -----

#1 Jib Giannis  Icon User is offline

  • New D.I.C Head

Reputation: -3
  • View blog
  • Posts: 18
  • Joined: 07-July 13

Insert into where....

Posted 12 July 2013 - 12:23 PM

Hello, I want to make something like a profile description for my site and I wanted to insert into the table the description for the specific user. My code is like this:

<html>
<form action="description.php" method="POST">
Description:<br /><textarea name="desc"></textarea><br />
<input type="submit" name="submit" value="Confirm description">
</form>
</html>

<?php
session_start();
//connect---------------------------------------------------------
$connect = mysql_connect("localhost", "*****", "*******");
$db = mysql_select_db("313236");
//----------------------------------------------------------------
$username = @$_SESSION['username'];
$desc = @$_POST['desc'];

if($username){
	if(isset($submit)){
		if(empty($desc)){
			echo "You must add a description!";
		}else{
			if($query = mysql_query("INSERT INTO users2 (`desc`) VALUES ('".$desc."') WHERE username ='".$username."'")){
				echo "Success";
			}else{
				echo "Failed! ", mysql_error();
			}
		}
	}
}else{
	die("You must be logged in to add a description!");
}
?>



If anyone can help me I will appreciate it :)/>/>

This post has been edited by macosxnerd101: 12 July 2013 - 12:28 PM
Reason for edit:: Removed username and password


Is This A Good Question/Topic? 0
  • +

Replies To: Insert into where....

#2 modi123_1  Icon User is online

  • Suitor #2
  • member icon



Reputation: 8897
  • View blog
  • Posts: 33,364
  • Joined: 12-June 08

Re: Insert into where....

Posted 12 July 2013 - 12:26 PM

Let's stop and think for a minute. You INSERT new records, and UPDATE existing records. Would a WHERE clause make sense for an INSERT if there is no existing record? Not really, right?
Was This Post Helpful? 0
  • +
  • -

#3 macosxnerd101  Icon User is online

  • Self-Trained Economist
  • member icon




Reputation: 10364
  • View blog
  • Posts: 38,368
  • Joined: 27-December 08

Re: Insert into where....

Posted 12 July 2013 - 12:29 PM

Moved to PHP.

I've gone ahead and removed the username and password for your database connection from your code. Be smarter about what you post on the internet.
Was This Post Helpful? 0
  • +
  • -

#4 Jib Giannis  Icon User is offline

  • New D.I.C Head

Reputation: -3
  • View blog
  • Posts: 18
  • Joined: 07-July 13

Re: Insert into where....

Posted 12 July 2013 - 12:42 PM

View Postmodi123_1, on 12 July 2013 - 12:26 PM, said:

Let's stop and think for a minute. You INSERT new records, and UPDATE existing records. Would a WHERE clause make sense for an INSERT if there is no existing record? Not really, right?


Okay, and how will I do it? When the user adds a description while he is logged in, in the table it shows up only the description, the username, password, id are empty...
Was This Post Helpful? 0
  • +
  • -

#5 macosxnerd101  Icon User is online

  • Self-Trained Economist
  • member icon




Reputation: 10364
  • View blog
  • Posts: 38,368
  • Joined: 27-December 08

Re: Insert into where....

Posted 12 July 2013 - 12:51 PM

Why isn't there a record in the database for the user if he or she can log in? That doesn't make sense.
Was This Post Helpful? 1
  • +
  • -

#6 Jib Giannis  Icon User is offline

  • New D.I.C Head

Reputation: -3
  • View blog
  • Posts: 18
  • Joined: 07-July 13

Re: Insert into where....

Posted 12 July 2013 - 12:58 PM

View Postmacosxnerd101, on 12 July 2013 - 12:51 PM, said:

Why isn't there a record in the database for the user if he or she can log in? That doesn't make sense.


Hey, I tried to UPDATE my table and it doesn't work >.< Take a look

<?php
session_start();
//connect---------------------------------------------------------
$connect = mysql_connect("localhost", "*******", "***********");
$db = mysql_select_db("*********");
//----------------------------------------------------------------
$username = @$_SESSION['username'];
$desc = @$_POST['desc'];

if($username){
	if(isset($submit)){
		if(empty($desc)){
			echo "You must add a description!";
		}else{
			if($query = mysql_query("UPDATE users2 SET desc = '".$desc."'")){
				echo "Success";
			}else{
				echo "Failed! ", mysql_error();
			}
		}
	}
}else{
	die("You must be logged in to add a description!");
}
?>



Gosh.. :crazy:
Was This Post Helpful? 0
  • +
  • -

#7 macosxnerd101  Icon User is online

  • Self-Trained Economist
  • member icon




Reputation: 10364
  • View blog
  • Posts: 38,368
  • Joined: 27-December 08

Re: Insert into where....

Posted 12 July 2013 - 12:59 PM

It "doesn't work" how so? Please specifically describe your problems and errors so we can better assist you.
Was This Post Helpful? 0
  • +
  • -

#8 modi123_1  Icon User is online

  • Suitor #2
  • member icon



Reputation: 8897
  • View blog
  • Posts: 33,364
  • Joined: 12-June 08

Re: Insert into where....

Posted 12 July 2013 - 01:00 PM

Explain your table structure.
Was This Post Helpful? 0
  • +
  • -

#9 Jib Giannis  Icon User is offline

  • New D.I.C Head

Reputation: -3
  • View blog
  • Posts: 18
  • Joined: 07-July 13

Re: Insert into where....

Posted 12 July 2013 - 01:23 PM

View Postmodi123_1, on 12 July 2013 - 01:00 PM, said:

Explain your table structure.


I fixed it :)
Thanks btw
Was This Post Helpful? 0
  • +
  • -

#10 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2889
  • View blog
  • Posts: 10,000
  • Joined: 08-August 08

Re: Insert into where....

Posted 12 July 2013 - 01:41 PM

View PostJib Giannis, on 12 July 2013 - 04:23 PM, said:

View Postmodi123_1, on 12 July 2013 - 01:00 PM, said:

Explain your table structure.


I fixed it :)/>
Thanks btw

Great, now explain why you want your site to be hacked. You must since you're using deprecated and insecure mysql functions.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1