Mysql INSERT INTO无法正常工作 - 语法正确

Question

I have this simple insert into query that seems to be outputting an error I cannot find and it's driving me nuts:(

would someone help me.

error is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE `User_Id`='16'' at line 1

Query is:

$insert = "INSERT INTO `pf_users` (`Task4`,`Task5`,`Task6`,`Task7`) VALUES ('$task4','$task5','$task6','$task7') WHERE `User_Id`='$GetUser'";

And here is the php code:

if(empty($_POST) === false) {
    $task4 = sanitize($_POST['task4']);
    $task5 = sanitize($_POST['task5']);
    $task6 = sanitize($_POST['task6']);
    $task7 = sanitize($_POST['task7']);

    $GetUser = $_SESSION['User_Id'];

    //Query not inserting into database
    $insert = "INSERT INTO `pf_users` (`Task4`,`Task5`,`Task6`,`Task7`) VALUES ('$task4','$task5','$task6','$task7') WHERE `User_Id`='$GetUser'";

    echo "<pre>".$insert."</pre>";

    mysql_query($insert) or die(mysql_error()); 
}

Sanitize function is mysql_real_escape_string() and the $task values are receiving the form data.

Thanks.

Answer 1

You can't use a where clause in an insert.

When you insert a row, it just adds everything in.

If you want to update an existing record, then you use the where clause to identify which one you want to update.

$insert = "INSERT INTO `pf_users` (`Task4`,`Task5`,`Task6`,`Task7`) VALUES ('$task4','$task5','$task6','$task7')";

or

$update = "update `pf_users` set `Task4`='$task4',`Task5`='$task5', `Task6`='$task6', `Task7`='$task7' where `User_Id`='$GetUser'";

Edit: As I have too many upvotes for such a simple answer, I better update it a touch more. There is a syntax in mySQL that lets you do both insert and update - or rather it will pick which you need to do. It is called "insert... on duplicate key" which looks like this:

$insertOrUpdate="insert into pf_users (task4, task5, task6, task7) values ('$task4', '$task5', '$task6', '$task7')
    on duplicate key update task5='$task5', task6='$task6', task7='$task7'";

To use this, you will need to have a key defined however - this could be a primary key or a composite key. The syntax tries to insert a row, and if that breaches the key restrictions, updates the row it would have inserted. In the example above, I assumed that task4 was the primary key and therefore it was omitted from the update section of the query.

Answer 2

Remove WHERE in your sql statement. But you can use WHERE in INSERT...SELECT statement.

Maybe you want to use UPDATE

UPDATE  `pf_users`
SET `Task4` = '$task4'
    `Task5`= '$task5'
    `Task6`= '$task6'
    `Task7` = '$task7'
WHERE `User_Id`='$GetUser'

Answer 3

你应该使用update而不是insert ：

$insert = "UPDATE `pf_users` SET `Task4`='$task4',`Task5`='$task5'.... WHERE `User_Id`='$GetUser'";

Answer 4

insert query never contains where clause , if you want it to use .you must be use update query. Also you can use this:-

$update = "UPDATE `pf_users` (`Task4`,`Task5`,`Task6`,`Task7`) VALUES ('$task4','$task5','$task6','$task7') WHERE `User_Id`='$GetUser'";
$result = mysql_query($update);

or you can use it.

$insert = "INSERT INTO `pf_users` SET `Task4` = '".mysql_real_escape_string($task4)."',`Task5`= '".mysql_real_escape_string($task5)."',`Task6`= '".mysql_real_escape_string($task6)."',`Task7`='".mysql_real_escape_string($task7)."'";
$result = mysql_query($insert);

you can edit it by your need. hope it will help you. i try to make it ofr you as simple as i can. security features may be not good in this script ,you have to do some more for that.