Sunden

Reputation: 863

You have an error in your SQL syntax; check

I keep getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username = 'username' VALUES ('value')' at line 1. The code is supposed to take the value that the logged in user enters into the form, and then insert that value into the money column of the table.

 <?php include("auth.php");?>

 <?php

 if(isset($_POST['submit']))
 {


 $getmoney = @mysql_query("INSERT INTO players (money) WHERE username = 
'".$_SESSION['username']."' VALUES ('$_POST[amount]')")
 or die("Error: ".mysql_error());

echo '
<div style="
  top: 395;
  left: 99;
  position: absolute;
  z-index: 1;
  visibility: show;">
 Money Received.
 </div>
 ';
  }
  ?>

  </head>
  <body>
  <p>Bank</p>
  Enter amount of money to receive.<br>
  <form action="bank.php" method="post">
  <table border=2>
  <tr>
  <td>Amount to Receive:</td><td><input type="text" name="amount" size="20px"></input>    
  </td>
  </tr>
  </table>
  <input type="submit" name="submit" value="Get Money"></input>
  </form><br><br>
<hr size=2>
<?php include("footer.php");?>
  </body>
  </html>

Upvotes: 0

Views: 1267

Answers (2)

Anirudh Ramanathan

Reputation: 46728

The query syntax is wrong.

@mysql_query("INSERT INTO players (money) VALUES (".$_POST['amount'].") WHERE username = '".$_SESSION['username']."'");

Syntax

INSERT INTO table_name(field1, field2...) VALUES (value1, value2,...) WHERE CONDITION

EDIT: As you want to update the value, (Update Query)

@mysql_query("UPDATE players SET money = money+".$_POST['amount']." WHERE username = '".$_SESSION['username']."'");

Also, your query is susceptible to SQL injection, so you might want to use PDO/MySQLi or, at the very least, call mysql_real_escape_string() on all values being passed by the user. Read this.

Upvotes: 3
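
Added example, not part of the original answer or the poster's code: the UPDATE from the answer above written as a PDO prepared statement, with the amount validated as a positive integer before any SQL runs. The function name creditMoney, the table layout, the 1,000,000 cap and the in-memory SQLite database are assumptions made so the block runs stand-alone; against MySQL only the DSN passed to PDO changes.

```php
<?php
// Added example: credit a player's balance without building SQL from strings.

function creditMoney(PDO $pdo, string $username, $rawAmount): bool
{
    // Accept only a positive integer within an assumed cap; reject anything
    // else (text, negatives, decimals) before a query is ever prepared.
    $amount = filter_var($rawAmount, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($amount === false) {
        return false;
    }
    // Placeholders keep user-supplied data out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE players SET money = money + :amount WHERE username = :username'
    );
    $stmt->bindValue(':amount', $amount, PDO::PARAM_INT);
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    // No matching row means no such player; do not report success then.
    return $stmt->rowCount() === 1;
}

// Constructed demo data. SQLite in memory stands in for MySQL (assumption)
// so the example runs offline; use a mysql: DSN in the real application.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (username TEXT PRIMARY KEY, money INTEGER NOT NULL DEFAULT 0)');
$pdo->exec("INSERT INTO players (username, money) VALUES ('alice', 100), ('o''brien', 5)");

var_dump(creditMoney($pdo, 'alice', '50'));      // well-formed amount
var_dump(creditMoney($pdo, "o'brien", '7'));     // quote in the name is bound as data
var_dump(creditMoney($pdo, 'alice', '50abc'));   // not an integer
var_dump(creditMoney($pdo, 'alice', '-50'));     // negative amount
var_dump(creditMoney($pdo, 'nobody', '10'));     // unknown player

foreach ($pdo->query('SELECT username, money FROM players ORDER BY username') as $row) {
    echo $row['username'], ' => ', $row['money'], PHP_EOL;
}
```

In bank.php the call would take $_SESSION['username'] and $_POST['amount'], and the "Money Received." message would be shown only when the function returns true.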

cegfault

Reputation: 6632

You are trying to make this SQL call:

"INSERT INTO players (money) WHERE username = 
'".$_SESSION['username']."' VALUES ('$_POST[amount]')"

Which is not a valid MySQL query. AND it's bad PHP. You probably meant to do this:

"INSERT INTO players(username,money) VALUES
    ('".$_SESSION['username']."','".$_POST['amount']."')"

And, actually, that's not secure, so you probably want the PHP to look something like this:

<?php
    $usr = mysql_real_escape_string($_SESSION['username']);
    $amt = mysql_real_escape_string($_POST['amount']);
    $sql = "INSERT INTO players(username,money) VALUES ('$usr','$amt')";
    $getmoney = @mysql_query($sql);

But, of course, I am assuming you want to do an INSERT and not an UPDATE.

Upvotes: 1
