1

I have a table in which there is column name like {1,2,3...,31}. I'm trying to insert values to column like this :

if $today_date == $column_element then insert into table_name ($today_date) values ('present');

IS this is possible?

$sql = mysql_query("SELECT * FROM employeeattaindence ORDER BY RAND() LIMIT 1") or die("Error");

$date = date("y-m-d");

$extract_date = explode("-", $date);

//echo "<br/>Today date is : " . $extract_date[2]; 

while ($row = mysql_fetch_assoc($sql)) {

if($row[$extract_date[2]] == ''){
    //echo "You were <b> Absent </b> on" . $extract_date[2];

mysql_query("INSERT INTO employeeattaindence (".$extract_date[2].") VALUES ('Present')") or die("<br/>Error");
}
  • You'll have to backquote the columns ` as it'll confuse the parser. Actually it's preferable to use ANSI `"` quoting. – Stavr00 May 20 '16 at 14:01
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 20 '16 at 14:05
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard May 20 '16 at 14:06
  • [Identifiers may begin with a digit but unless quoted may not consist solely of digits.](http://dev.mysql.com/doc/refman/5.7/en/identifiers.html) – Jay Blanchard May 20 '16 at 14:08
  • Write your SQL as a string then send the string to the method that executes the SQL. Doing it this way will allow you to create dynamic SQL like you want. To use a variable you'll have to be outside the string so the variable value is used instead of the variable name. "SELECT " . myColumnNameVariable . " FROM mytable" – Michael Z. May 20 '16 at 17:44

0 Answers0