MySQL Error Code: 1064. You have an error in your SQL syntax (duplicate)

Question

I'm having trouble with my code right now. I'm trying to insert data in the same table and the same id from different page. Here's the code. :)

    $lastid = mysql_insert_id();

    $sql = "UPDATE `sign_up_form3` SET `phone`=$phone, `address1`=$address1, `address2`=$address2, `city`=$city, `province`=$province, `zipcode`=$zipcode, `card_no`=$card_no, `ccv`=$ccv, `card_type`=$card_type, `exp_date`=$exp_date, `card_holder`=$card_holder WHERE userID=$lastid";

Your help will be appreciated.

score 1 · Answer 1 · edited Apr 16 '15 at 01:17

1

It looks like you need to put single quote marks around each of the parameters such as:

phone='$phone'

Note that these are not backticks, but single quote marks.

edited Apr 16 '15 at 01:17

nickhar

19,981
12
60
73

answered Apr 16 '15 at 01:09

mlewis54

2,372
6
36
58

it should be "phone = '".$phone."', " so that it adds the strings together – Xander Luciano Apr 16 '15 at 01:14
1

Since when is string cat required within double quotes? Specifically, $a="phone='$phone'" is identical to $a="phone='".$phone."'"; – mlewis54 Apr 16 '15 at 01:20

Xander Luciano · Answer 2 · 2015-04-16T01:28:08.393

0

First off, this is HIGHLY insecure and you should be using Prepared statements, but I'll answer the question as it stands for anyone else confused. You have a string and you are trying to add variables mid string. Here's what is should look like:

$sql = "... SET `phone` = '" . $phone . "', `address1` = '" . $address1 . "', etc....

So this way php interprets it as "some string" . $variable . "more string"

The " . $var . " is what you are missing. its the equivalent of 'adding' strings together. E.G. "Hello " + "World" = "Hello World" in php it's

"hello "."world" = "hello world"

Hope this helps for the future!

EDIT: Was incorrect about the string construction. Leaving this as is for the future though. But again, you really should move to prepared statements once you learn a little more. They are more secure.

edited Apr 16 '15 at 01:28

answered Apr 16 '15 at 01:13

Xander Luciano

3,753
7
32
53

1

While I agree that it is insecure, your answer is not really an answer. As in my comment above. The problem is the missing single quotes, not how the string is constructed. Since when is string cat required within double quotes? Specifically, $a="phone='$phone'" is identical to $a="phone='".$phone."'"; – mlewis54 Apr 16 '15 at 01:23
Just gave it a shot on my server and realized you were right about the string construction. Thanks! – Xander Luciano Apr 16 '15 at 01:27
No problem, it saves a LOT of typing and possible errors. I even use the construct $var="$var1$var2$var3"; rather than $var=$var1.$var2.$var3; for the same reason. – mlewis54 Apr 16 '15 at 01:29

MySQL Error Code: 1064. You have an error in your SQL syntax (duplicate)

2 Answers2