1

I have applied a insert query but its giving error .

$registerquery = mysql_query("INSERT INTO `registration`(`Activation`) VALUES('".$activation."') WHERE email= '". trim($_POST['email']) ."'");
Ranbir Singh
  • 203
  • 3
  • 18
  • 4
    `INSERT`'s don't have a `WHERE` clause. Did you mean to use an `UPDATE`? – Wrikken Nov 16 '13 at 08:33
  • What's the error say, Did you run mysql_connect first, and select a database? Also you should look into other methods of connecting to a sql database. As mysql_ functions are depreciated. – James McDonnell Nov 16 '13 at 08:34
  • Past the immediate issue, you are taking `$_POST['email']` directly without any filtering in any way? Bad practice. – Giacomo1968 Nov 16 '13 at 08:36
  • Actually i am going to take the value from the session .thanks for correcting me – Ranbir Singh Nov 16 '13 at 08:38

4 Answers4

2

if you want just update a column in table so you need an UPDATE not INSERT .

and also you should sanitize you POST variable to prevent sql injection.

  $email = mysql_real_escape_string($_POST['email'])) ;

  $registerquery = mysql_query("UPDATE `registration` 
                              SET `Activation` '".$activation."'
                              WHERE email= '". trim($email) ."'");
  • Please move to PDO or mysqli as mysql is already deprecated.
echo_Me
  • 37,078
  • 5
  • 58
  • 78
2

It seems you are trying to overwrite an existing value use an UPDATE statement and not an INSERT statement this is the reason why it is not working. INSERT works when you are trying to insert a new value there should not be a condition in it (where clause).

5eeker
  • 1,016
  • 1
  • 9
  • 30
1

check this registration(Activation) it does not seem correct, the ` should maybe be ' and maybe you should start the query with @ in order to avoid sql injection attack

Mohammad S.
  • 429
  • 1
  • 6
  • 26
  • Back ticks (`) are allowed in mysql, are used to denote field names, So should not be used around `registration`. See http://stackoverflow.com/questions/261455/using-backticks-around-field-names – James McDonnell Nov 16 '13 at 08:35
1

Use update statement instead of INSERT to use where clause

$registerquery = mysql_query("UPDATE `registration` 
                    SET `Activation` = '".$activation." 
                    WHERE email= '". trim($_POST['email']) ."'"
                 );
Harish Singh
  • 3,359
  • 5
  • 24
  • 39