All of the various types of queries are processed by the mysql_query() function.

To run an insert query:

<?php
$sql = "INSERT INTO `users` (`UserID`, `name`, `email`) VALUES (NULL, '$name', '$email');";
mysql_query($sql) or die('Unable to process query: '.mysql_error());
?>

Here we are placing the query into the $sql variable, the second line then processes the query. If the query could not be run, the script exits and shows the error that was produced. We are inserting this data into the users table which has columns of UserID, name, and email.

To update a record in the users table you would run:

<?php
$sql = "UPDATE `users` SET `name` = '$name', `email` = '$email' WHERE `UserID` = $_POST[id] LIMIT 1";
mysql_query($sql) or die("Unable to process query: " . mysql_error());
?>

Here you specify the table right after the UPDATE and then specify all fields you wish to update after the SET. The last half of the query we are specifying which record we wish to update and limiting the update to only one record.

Now to delete a record or multiple records, you would use:

<?php
$sql = "DELETE FROM users WHERE UserID = '$UserID' LIMIT 1";
mysql_query($sql);
?>

This is a very short query that shows the table which we would like to delete a record from and the criteria that we would like to remove. Since we only wish to remove one record, LIMIT 1 is added to make sure we only remove one record.

Anytime that you run a query, you need to make sure that you escape all of your user input variables. If you fail to do this, you risk the chance of somebody performing an SQL injection on your database. One of the easiest ways to perform this is to use the mysql_escape_string() function which preps the variables for use in your query.

<?php
define('SQL_SERVER', 'localhost'); // Specify the server address for the MySQL server, localhost is standard
define('SQL_USERNAME', 'root'); // Specify server username, replace root with your username
define('SQL_PASSWORD', 'password'); // Specify the server password, replace password with your password
define('SQL_DATABASE', 'testing'); // Specify the database name, replace testing with your database name

// Attempt to connect to the server using the constants(variables) specified above
$db = @mysql_connect(SQL_SERVER, SQL_USERNAME, SQL_PASSWORD) or die('Could not connect to the database server');
// Now try connecting to the database in SQL_DATABASE
$link = @mysql_select_db(SQL_DATABASE, $db) or die('Could not connect to the database name specified');
?>

In the code above, I have used define() function to create variables of the MySQL server, username, password and database name. I then use these variables in the next lines of code that actually connects to the server.

There are two types of error handling here in this piece of code. The first is the @, placing this before a function hides any kind of error messages that the two functions could display. The second part is the or die() addition at the end of each connect function. Putting this here stops the rest of the code from being executed and shown to the client.

If when you execute this code it does not show any errors, you are then connected to your database server and can use the mysql_query() function or any other mysql function to manipulate your database.