0

When I try to insert data where with code: 

$query =  dbConnect()->prepare("INSERT INTO users(key) WHERE mail='$mail' VALUES ('$key')");

I'm using XAMPP, it gives me an error:

Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'key) WHERE mail='maciej@localhost' VALUES (key)' at line 1 in C:\xampp\htdocs\PHP7_login\restore\index.php:38

Qirel
  • 25,449
  • 7
  • 45
  • 62
Maciej M
  • 21
  • 3
  • 1
    It will, because SQL doesn't allow [INSERT](http://dev.mysql.com/doc/refman/5.7/en/insert.html) with a WHERE clause, unless you're copying values from one table to another – Mark Baker Aug 06 '16 at 17:44
  • 1
    And `key` is a reserved word – juergen d Aug 06 '16 at 17:45
  • the error itself should be closed with http://stackoverflow.com/questions/23446377/syntax-error-due-to-using-a-reserved-word-as-a-table-or-column-name-in-MySQL Edit: and it was, given the answer. – Funk Forty Niner Aug 06 '16 at 17:47

2 Answers2

0

You should use backticks for key (because is a reserved word)
and not use where 

"INSERT INTO users(`key`)  VALUES ('$key')"

or if you need an update 

"UPDATE users
 set  `key` = '$key'
 where mail = '$mail'"
ScaisEdge
  • 131,976
  • 10
  • 91
  • 107
0

The guess is that you want update:

update users
    set key = '$key'
    where mail = '$mail' ;

You should also learn to use parameters for values in queries. Substituting strings into the query string introduces the possibility of unexpected errors and makes the code vulnerable to SQL injection attacks.

Gordon Linoff
  • 1,242,037
  • 58
  • 646
  • 786