I keep getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE username = ‘username’ VALUES (‘value’)’ at line 1.
The code is supposed to take the value that the logged in user enters into the form, and then insert that value into the money column of the table.
<?php include("auth.php");?>
<?php
if(isset($_POST['submit']))
{
$getmoney = @mysql_query("INSERT INTO players (money) WHERE username =
'".$_SESSION['username']."' VALUES ('$_POST[amount]')")
or die("Error: ".mysql_error());
echo '
<div style="
top: 395;
left: 99;
position: absolute;
z-index: 1;
visibility: show;">
Money Received.
</div>
';
}
?>
</head>
<body>
<p>Bank</p>
Enter amount of money to recieve.<br>
<form action="bank.php" method="post">
<table border=2>
<tr>
<td>Amount to Receive:</td><td><input type="text" name="amount" size="20px"></input>
</td>
</tr>
</table>
<input type="submit" name="submit" value="Get Money"></input>
</form><br><br>
<hr size=2>
<?php include("footer.php");?>
</body>
</html>
The query syntax is wrong.
Syntax
EDIT: As you want to update the value, (Update Query)
Also, your query is susceptible to SQL Injection, so you might want to use PDO/MySQLi or al the very least, call
mysql_real_escape_string()on all values being passed by the user.Read this.