PhP & MySQL WHERE Syntax

Question

There is a registration interface where you must enter your billing information after logging in. The goal is to record the entered data in the MySQL database and update the "billable" value to "1", however I get a syntax error.

The code is (PhP 7.3):

<?php

session_start();
if(!isset($_SESSION['username'])) {
    header('location: login.php');
    exit();
}

include_once('dbconnect.php');

$username = $_SESSION["username"];
$result = mysqli_query($conn, "SELECT * FROM users WHERE username = '$username'");
while($row = mysqli_fetch_array($result)) {

    if ($row['billable'] == 0) {

        $error = false;
        if(isset($_POST['btn-updatedetails'])) {

        $firstname = mysqli_real_escape_string($conn, $_REQUEST['firstname']);
        $lastname = mysqli_real_escape_string($conn, $_REQUEST['lastname']);
        $phone = mysqli_real_escape_string($conn, $_REQUEST['phone']);
        $company = mysqli_real_escape_string($conn, $_REQUEST['company']);
        $country = mysqli_real_escape_string($conn, $_REQUEST['country']);
        $county = mysqli_real_escape_string($conn, $_REQUEST['county']);
        $city = mysqli_real_escape_string($conn, $_REQUEST['city']);
        $street = mysqli_real_escape_string($conn, $_REQUEST['street']);
        $postcode = mysqli_real_escape_string($conn, $_REQUEST['postcode']);

        if(empty($firstname)) {
            $error = true;
            $errorFirstname = 'This field cannot be left blank.';
        }    

        if(empty($lastname)) {
            $error = true;
            $errorLastname = 'This field cannot be left blank.';
        } 

        if(empty($phone)) {
            $error = true;
            $errorPhone = 'This field cannot be left blank.';
        }  

        if(empty($country)) {
            $error = true;
            $errorCountry = 'This field cannot be left blank.';
        } 

        if(empty($county)) {
            $error = true;
            $errorCounty = 'This field cannot be left blank.';
        } 

        if(empty($city)) {
            $error = true;
            $errorCity = 'This field cannot be left blank.';
        } 

        if(empty($street)) {
            $error = true;
            $errorStreet = 'This field cannot be left blank.';
        } 

        if(empty($postcode)) {
            $error = true;
            $errorPostcode = 'This field cannot be left blank.';
        } 

        if(!$error){
            $sql = "INSERT INTO users (firstname, lastname, phone, company, country, county, city, street, postcode) VALUES ('$firstname', '$lastname', '$phone', '$company', '$country', '$county', '$city', '$street', '$postcode') WHERE username = '$username' AND UPDATE users SET billable='1' WHERE username = '$username'";
            if(mysqli_query($conn, $sql)){
                $successMsg = 'Success!';
            }else{
                echo 'Error '.mysqli_error($conn);
            }

        }

    }

        ?>
        <form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
        Firstname:
        <input type="text" name="firstname" id="firstname"><br>
        Lastname:
        <input type="text" name="lastname" id="lastname"><br>
        Phone:
        <input type="text" name="phone" id="phone"><br>
        Company (optional):
        <input type="text" name="company" id="company"><br>
        Country:
        <input type="text" name="country" id="country"><br>
        County:
        <input type="text" name="county" id="county"><br>
        City:
        <input type="text" name="city" id="city"><br>
        Street:
        <input type="text" name="street" id="street"><br>
        Postcode:
        <input type="text" name="postcode" id="postcode"><br>

        <input type="submit" name="btn-updatedetails">
        </form>

        <?php


} else {
        echo "<3";
    }
}

mysqli_close($conn);

This page returns the following error:

Error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE username = 'Erik' AND UPDATE users SET billable='1' WHERE username = 'Erik' at line 1

MySQL database:

Where did I make a mistake?

Thank you in advance for your answer!
Have a nice day!

why are you doing this? UPDATE users SET billable='1' WHERE username = '$username'" — Regolith
– Regolith, Commented Jul 25, 2019 at 11:22
Okay. I deleted the first WHERE. The current code: $sql = "INSERT INTO users (firstname, lastname, phone, company, country, county, city, street, postcode) VALUES ('$firstname', '$lastname', '$phone', '$company', '$country', '$county', '$city', '$street', '$postcode') AND UPDATE users SET billable='1' WHERE username = '$username'"; Now I'm getting the following error: "Error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND UPDATE users SET billable='1' WHERE username = 'Erik'' at line 1 " — Erik
– Erik, Commented Jul 25, 2019 at 11:28
I suppose you understand you can directly INSERT the billable property at 1 ? Or use default value in your schema. Why update after ? — Vincent Decaux
– Vincent Decaux, Commented Jul 25, 2019 at 11:29

MER · Accepted Answer · 2019-07-25 12:02:07Z

1

You did a SELECT to start with so I don't see why you want to INSERT another row for the same user. I think you just want to do a single UPDATE as such:

UPDATE users 
SET
    firstname = '$firstname',
    lastname = '$lastname',
    phone = '$phone',
    company = '$company',
    country = '$country',
    county = '$county',
    city = '$city',
    street = '$street',
    postcode = '$postcode',
    billable = 1
WHERE username = '$username'

answered Jul 25, 2019 at 12:02

MER

3282 silver badges9 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

PhP & MySQL WHERE Syntax

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related