PhP & MySQL WHERE Syntax

Question

There is a registration interface where you must enter your billing information after logging in. The goal is to record the entered data in the MySQL database and update the "billable" value to "1", however I get a syntax error.

The code is (PhP 7.3):

<?php

session_start();
if(!isset($_SESSION['username'])) {
    header('location: login.php');
    exit();
}

include_once('dbconnect.php');

$username = $_SESSION["username"];
$result = mysqli_query($conn, "SELECT * FROM users WHERE username = '$username'");
while($row = mysqli_fetch_array($result)) {

    if ($row['billable'] == 0) {

        $error = false;
        if(isset($_POST['btn-updatedetails'])) {

        $firstname = mysqli_real_escape_string($conn, $_REQUEST['firstname']);
        $lastname = mysqli_real_escape_string($conn, $_REQUEST['lastname']);
        $phone = mysqli_real_escape_string($conn, $_REQUEST['phone']);
        $company = mysqli_real_escape_string($conn, $_REQUEST['company']);
        $country = mysqli_real_escape_string($conn, $_REQUEST['country']);
        $county = mysqli_real_escape_string($conn, $_REQUEST['county']);
        $city = mysqli_real_escape_string($conn, $_REQUEST['city']);
        $street = mysqli_real_escape_string($conn, $_REQUEST['street']);
        $postcode = mysqli_real_escape_string($conn, $_REQUEST['postcode']);

        if(empty($firstname)) {
            $error = true;
            $errorFirstname = 'This field cannot be left blank.';
        }    

        if(empty($lastname)) {
            $error = true;
            $errorLastname = 'This field cannot be left blank.';
        } 

        if(empty($phone)) {
            $error = true;
            $errorPhone = 'This field cannot be left blank.';
        }  

        if(empty($country)) {
            $error = true;
            $errorCountry = 'This field cannot be left blank.';
        } 

        if(empty($county)) {
            $error = true;
            $errorCounty = 'This field cannot be left blank.';
        } 

        if(empty($city)) {
            $error = true;
            $errorCity = 'This field cannot be left blank.';
        } 

        if(empty($street)) {
            $error = true;
            $errorStreet = 'This field cannot be left blank.';
        } 

        if(empty($postcode)) {
            $error = true;
            $errorPostcode = 'This field cannot be left blank.';
        } 

        if(!$error){
            $sql = "INSERT INTO users (firstname, lastname, phone, company, country, county, city, street, postcode) VALUES ('$firstname', '$lastname', '$phone', '$company', '$country', '$county', '$city', '$street', '$postcode') WHERE username = '$username' AND UPDATE users SET billable='1' WHERE username = '$username'";
            if(mysqli_query($conn, $sql)){
                $successMsg = 'Success!';
            }else{
                echo 'Error '.mysqli_error($conn);
            }

        }

    }

        ?>
        <form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
        Firstname:
        <input type="text" name="firstname" id="firstname"><br>
        Lastname:
        <input type="text" name="lastname" id="lastname"><br>
        Phone:
        <input type="text" name="phone" id="phone"><br>
        Company (optional):
        <input type="text" name="company" id="company"><br>
        Country:
        <input type="text" name="country" id="country"><br>
        County:
        <input type="text" name="county" id="county"><br>
        City:
        <input type="text" name="city" id="city"><br>
        Street:
        <input type="text" name="street" id="street"><br>
        Postcode:
        <input type="text" name="postcode" id="postcode"><br>

        <input type="submit" name="btn-updatedetails">
        </form>

        <?php


} else {
        echo "<3";
    }
}

mysqli_close($conn);

This page returns the following error:

Error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE username = 'Erik' AND UPDATE users SET billable='1' WHERE username = 'Erik' at line 1 

MySQL database:

Where did I make a mistake?

Thank you in advance for your answer!
Have a nice day!

Answer 1

You did a SELECT to start with so I don't see why you want to INSERT another row for the same user. I think you just want to do a single UPDATE as such:

UPDATE users 
SET
    firstname = '$firstname',
    lastname = '$lastname',
    phone = '$phone',
    company = '$company',
    country = '$country',
    county = '$county',
    city = '$city',
    street = '$street',
    postcode = '$postcode',
    billable = 1
WHERE username = '$username'