-2

I believe it has to be simple, but I'm totally green in SQL. I will include pictures of the database so it will be easier to imagine. I use it in my PHP code that is accessed by Flash to enter data into the database.

This is my code which doesn't work:

```php
$sql = "SELECT * FROM users 
        WHERE username = '$username' AND password = '$password' 
        INSERT INTO users (contactlist) VALUES ('$xmlcontactlist1')";
```

I want the data from the variable $xmlcontactlist1 to be entered into the 'contactlist' column, but for a specific user (based on their name and password). Somehow, when the code was doing something, it was creating a NEW empty space in the database with just contactlist instead of adding it for each user.

Database Screenshot

Iurii Tkachenko
TAS
  • 1
    What driver are you using? Are you using mysql or mssql? This code also might have you open to SQL injections – chris85 Dec 24 '15 at 21:35
  • MySQL, and I'm doing it just for my personal Flash project. – TAS Dec 24 '15 at 21:39
  • 1
    mysql_ / mysqli_ / PDO connection? either way, use error reporting/checking. Your question is unclear and you tagged as sql-server. not the same API here. That is MS windows. edit: that tag was removed in an edit now. Post more code and connection. This is the classic ***guesswork*** question. – Funk Forty Niner Dec 24 '15 at 21:39
  • @TAS how do you perform the query? PDO? `mysql_query($sql)`? `mysqli_query($sql)`? An update query in your case will be `$sql = "UPDATE users SET contactlist = '$xmlcontactlist1' WHERE username = '$username' AND password = '$password'";` – Iurii Tkachenko Dec 24 '15 at 21:40
  • 1
    well, I'm not going to wait around here. I'd rather go out and look for Santa. At least I know what to expect from him, a really great ride on his sleigh. Happy Xmas! and good luck with your project. – Funk Forty Niner Dec 24 '15 at 21:45
  • It looks like `contactlist` is XML. You probably should select that for the specific user, update the XML, then reinsert it into the DB. If what you have written is the correct approach, look into multi-queries with whichever driver you are using (you also need a `;` to separate queries). – chris85 Dec 24 '15 at 21:46
  • 1
    @chris85 had they told us they wanted to do an [UPDATE](http://stackoverflow.com/a/34458177/), this question would've been resolved within seconds of their initial post. My head hurts. – Funk Forty Niner Dec 24 '15 at 22:17

1 Answer

3

Try this one:

```php
$sql = "UPDATE users 
           SET contactlist = '$xmlcontactlist1' 
         WHERE username = '$username' 
           AND password = '$password'";
```

But this is a bad practice. You can get SQL injections with this code. Read this post here to prevent this: How can I prevent SQL injection in PHP?

Community
Iurii Tkachenko
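The `UPDATE` from the answer above, rewritten with PDO bound parameters so the values are never spliced into the SQL text. This is an added example, not part of the original answer: the helper name `saveContactList`, the sample rows and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Assumption: SQLite in memory replaces the MySQL server of the question;
// with MySQL only the DSN passed to new PDO(...) changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows (column names taken from the question).
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, contactlist TEXT)');
$pdo->exec("INSERT INTO users (username, password) VALUES ('alice', 'pw1'), ('bob', 'pw2')");

/**
 * Hypothetical helper: store $contactlist for the one user whose credentials match.
 * Returns the number of rows changed (0 means no matching user, nothing written).
 */
function saveContactList(PDO $pdo, string $username, string $password, string $contactlist): int
{
    // Placeholders keep the SQL text fixed; the values travel separately and
    // are never parsed as SQL, whatever characters they contain.
    $stmt = $pdo->prepare(
        'UPDATE users
            SET contactlist = :contactlist
          WHERE username = :username
            AND password = :password'
    );
    $stmt->execute([
        ':contactlist' => $contactlist,
        ':username'    => $username,
        ':password'    => $password,
    ]);
    return $stmt->rowCount();
}

// Constructed XML containing single quotes: interpolated into '...' it would end
// the string literal early; as a bound parameter it is stored verbatim.
var_dump(saveContactList($pdo, 'alice', 'pw1', "<contacts><c name='bob'/></contacts>"));

// Constructed username containing a quote: treated as data, it matches no user.
var_dump(saveContactList($pdo, "al'ice", 'pw1', '<contacts/>'));

// Show the table afterwards: UPDATE changes existing rows and adds none.
foreach ($pdo->query('SELECT username, contactlist FROM users') as $row) {
    echo $row['username'], ' => ', var_export($row['contactlist'], true), PHP_EOL;
}
```

Checking the returned row count tells the calling code whether the credentials matched a user, which the interpolated version in the answer gives no way to distinguish from a failed query.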