
If my query result is empty I want to insert information otherwise I'd like to update the information. However, I keep getting this error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in...

$info = $_POST['info'];
$gebruiker = $_POST['gebruiker'];
$result = mysql_query("SELECT fysionummer FROM algemene_info WHERE = $gebruiker");

if (mysql_num_rows($result)==0) { 
    mysql_query("INSERT INTO algemene_info (`info_id`, `omschrijving`, `fysionummer`)
    VALUES (NULL, '$info', '$gebruiker')");
    //echo $response;
    echo "Het toevoegen van de algemene info is geslaagd!";
} else {
    mysql_query("UPDATE algemene_info
    SET omschrijving='$info'
    WHERE fysionummer='$gebruiker'");
    //echo $response;
    echo "Het update van de algemene informatie is geslaagd!";
}
Joe
user3356007
  • Learn to use [Google](https://www.google.com/search?client=safari&rls=en&q=mysql_num_rows()+expects+parameter+1+to+be+resource,+boolean+given+in&ie=UTF-8&oe=UTF-8), it's not that difficult. (Hint: your mysql_query is returning false) – idmean May 27 '14 at 13:56
  • You should sanitise your inputs, but your actual error is that your SQL contains an invalid statement, `WHERE = $gebruiker` should have a column name before the `=`. – scragar May 27 '14 at 13:58
  • [How do I update if exists, insert if not (AKA “upsert” or “merge”) in MySQL?](http://stackoverflow.com/questions/1218905/how-do-i-update-if-exists-insert-if-not-aka-upsert-or-merge-in-mysql) – Alex K. May 27 '14 at 13:58
  • (And don't use `mysql_*` functions in new code; use mysqli or PDO. Your code has a massive SQL injection vulnerability.) – Wooble May 27 '14 at 14:00

3 Answers


Short Answer

You're obviously missing a column name here:

SELECT fysionummer FROM algemene_info WHERE = $gebruiker

It should be like:

SELECT `fysionummer` FROM `algemene_info` WHERE `COLUMN_NAME` = $gebruiker

Long Answer

Please note that mysql_* functions are deprecated and often unsafe to use. You also insert data from the user without ensuring that this won't break your application/database. It's really easy to abuse this and post your own SQL code instead of $_POST['element_name'].

I would recommend using mysqli_* functions, as they are easy to use for a beginner and much safer. You can use prepared statements.

Example:

$mysqli = new mysqli("localhost", "user", "password", "database");
// The ? placeholder keeps the user-supplied value out of the SQL text
$query = $mysqli->prepare("SELECT `fysionummer` FROM `algemene_info` WHERE `COLUMN_NAME` = ?");
// "s" binds the posted value as a string parameter
$query->bind_param("s", $_POST['gebruiker']);
if ($query->execute())
{
    // success
    // logic
}
Daniel Kmak

Your SQL Query is incorrect.

$result = mysql_query("SELECT fysionummer FROM algemene_info WHERE = $gebruiker");

WHERE WHAT = '$gebruiker' ??

Correct that and it will resolve your initial problem.

apomene
kendonkyle

Your code makes no sense. where = $gebruiker ?

where what is $gebruiker?

Anyway, please google for ON DUPLICATE KEY UPDATE. This is probably what you need.

You do a normal insert and on duplicate key violation it will do an update instead.

Fabian de Pabian
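
The insert-or-update from the question, written as a single ON DUPLICATE KEY UPDATE statement with bound parameters. This is an added example, not code from any of the posts above. It assumes a UNIQUE (or PRIMARY) key on `fysionummer` and an auto-increment `info_id`; the connection credentials are placeholders and `upsert_info` is a hypothetical helper name.

```php
<?php
// Added example. Assumptions (not from the thread): algemene_info has a
// UNIQUE or PRIMARY key on fysionummer, info_id is AUTO_INCREMENT, and the
// connection credentials below are placeholders.

// Make mysqli throw exceptions instead of returning false, so a broken
// query can never reach later code as a boolean.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: one statement covers both the insert and the update.
function upsert_info(mysqli $db, string $gebruiker, string $info): string
{
    $stmt = $db->prepare(
        "INSERT INTO algemene_info (omschrijving, fysionummer)
         VALUES (?, ?)
         ON DUPLICATE KEY UPDATE omschrijving = ?"
    );
    // All three values travel as bound parameters, never as SQL text.
    $stmt->bind_param("sss", $info, $gebruiker, $info);
    $stmt->execute();
    // MySQL reports 1 affected row for an insert, 2 for an update, and
    // 0 when the existing row already held the same value.
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected === 1 ? "inserted" : ($affected === 2 ? "updated" : "unchanged");
}

// Reject missing or non-string input (e.g. gebruiker[]=x) before it is bound.
$info = $_POST['info'] ?? null;
$gebruiker = $_POST['gebruiker'] ?? null;
if (!is_string($info) || !is_string($gebruiker) || $gebruiker === '') {
    http_response_code(400);
    exit("Missing info or gebruiker");
}

try {
    $db = new mysqli("localhost", "user", "password", "database");
    $db->set_charset("utf8mb4");
    echo upsert_info($db, $gebruiker, $info);
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not echo SQL errors to the client.
    error_log($e->getMessage());
    http_response_code(500);
    echo "Database error";
}
```

Without the unique key on `fysionummer`, the statement never sees a duplicate and inserts a new row on every request.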