Insert into table if id matches session id

[Shadowing]

Im trying to insert a name into my database but I need it to go into the column that matches the sessions user id

 

 

"INSERT INTO users SET name = '".$_POST['name']."'";

 

 

how do I tell it to put name into name column with id matching Session id.

 

really appreicate if someone could please help me with this.

[xyph]

UPDATE `users` SET `name` = '$name' WHERE `id` = '$id'

 

Don't forget to sanitize your user-supplied data.

[Shadowing]

thanks for the reply xyph huge help

 

do I need to sanitize it twice like this?

 

$sql = "UPDATE 'users' SET 'goauld' = '".mysql_real_escape_string($_POST['goauld'])."' WHERE 'id' = '".mysql_real_escape_string($_SESSION['user_id'])."'";

 

 

how do I seperate this code so its on seperate lines?

 

 

 

also is there a reason why this code below doesnt use ' ' around users

 

$results = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($roe['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'")

[Shadowing]

I must have something wrong its giving me a error

 

 

 

Edit: nevermind i fixed the error

[xyph]

It really depends. Was $_SESSION['id'] populated from user-data, or from a previous MySQL query? Only user-data needs to be sanitized.

 

- how do I seperate this code so its on seperate lines?

 

Use the {Enter} key on your keyboard.

 

- also is there a reason why this code below doesnt use ' ' around users

 

users is a table name, thus should not be quoted. It's basic MySQL syntax.

[Shadowing]

thanks alot for the help xyph