You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE `id`

Question

Below is my code but I am getting an error at where clause

<?php

// include db connect class
require_once __DIR__ . '/db_connect.php';

// connecting to db
$db = new DB_CONNECT();

$response = array();

$dom = new DOMDocument();
$dom->loadHTMLFile("http://www.pizzahut.com.pk/deals.html");
//echo $dom->saveHTML();
$table = $dom->getElementsByTagName('td');


for($i = 30; $i < 35; $i++ ){
    $deal = $table->item($i)->nodeValue;
   echo $deal;
}
$id = 1813660169;
$result = mysql_query("INSERT INTO cafes(deal)
        VALUES('$deal') WHERE `id` = " .$id) or die(mysql_error());


echo mysql_num_rows($result); 

if ($result) {
        // successfully inserted into database
        $response["success"] = 1;
        $response["message"] = "Place successfully created.";

        // echoing JSON response
        echo json_encode($response);
    } else {
        // failed to insert row
        $response["success"] = 0;
        $response["message"] = " ID already inserted";

        // echoing JSON response
        echo json_encode($response);
    }


?>

Error is "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = 1813660169' at line 2"

Help needed

Answer 1

You cannot have a WHERE clause in a basic INSERT syntax. What you really want, i think, is an UPDATE statement,

UPDATE cafes SET deal = '$deal' WHERE id = $id

---

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

• How to prevent SQL injection in PHP?

Answer 2

Insert statements do not specify a where clause, the row does not exist yet so there would be nothing to match against.

$result = mysql_query("INSERT INTO cafes(deal)
        VALUES('$deal')) or die(mysql_error());

Here is the basic syntax of an insert statement from the MySql website:

INSERT [LOW_PRIORITY | DELAYED | HIGH_PRIORITY] [IGNORE] [INTO] tbl_name [(col_name,...)] {VALUES | VALUE} ({expr | DEFAULT},...),(...),... [ ON DUPLICATE KEY UPDATE col_name=expr [, col_name=expr] ... ]

Notice the schematics do not contain a where clause.

Answer 3

you should surround your variable with quotes '', simply change to

WHERE `id` = '" .$id."'")

As suggested you can't use WHERE in INSERT queries but you should use an UPDATE query so you syntax should look like this:

$result = mysql_query("UPDATE cafes set deal = '$deal' WHERE `id` = '" .$id."'") or die(mysql_error());    

Then I would like you to remember that mysql_* functions are deprecated so i would advise you to switch to mysqli or PDO

Answer 4

You cannot use where clause in insert statement. Looks like you are looking for an UPDATE query try this

"UPDATE `cafes` SET deal =$deal where id =$id";

Answer 5

You don't use WHERE with an INSERT, although you can use a SELECT with INSERT, and the SELECT can have a where clause.

Answer 6

Why do you want to add WHERE to insert? It is just the insertion of record to the table.