Rectangle 27 0

php Using INSERT INTO On Duplicate Key UPDATE for form input?


$sql='INSERT INTO style_test SET ' . $setlist.' WHERE user_id = ' . $user_id. ' ON DUPLICATE KEY UPDATE ' . $setlist;
$sql='UPDATE style_test SET '.$setlist.' WHERE user_id='.$user_id;
$sql='UPDATE style_test SET ;.$setlist.' WHERE user_id='.$user_id;
                            ^
                            Here

For on duplicate key update, you add that to your SQL query, followed by all the column = value fields you want to update:

I also appreciate your pointing out the other issues, and I'm going to look into how to modify the code to prevent injection asap. I wasn't sure what you meant though about the mysql_* functions being deprecated since the code I've used is based on W3schools suggested code and I couldn't find anything that seemed to be an issue in their list of deprecated functions. Would it be better to use: $result = @mysql_query($qry); if($result) { exit(); }else { die('Error: ' . mysql_error()); } Instead of: if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); }

I'll look into that :-) But would you mind clarifying for me which part of my code is a problem due to being deprecated?

No, then you are suppressing errors. You should be using PDO. There are plenty of examples on stackoverflow and the docs to get you started.

That did it :-D Thanks for catching that :-) Now that it's working it made me realize that I really need to be using 'On Duplicate Key UPDATE' and I edited the question accordingly.

The syntax highlighter shows you where your problem is:

This needs to be a single quote:

You should also note that the mysql_* functions are deprecated, and you should not be using them. Also, your original code is wide open to SQL injection.

mysql_query() is being deprecated, you can see the red box on the doc page for it. Also, the other part of your problem is SQL injection, which PDO can fix if you used prepared statements (all things you can search for examples).

Note