Weird SQL error

[Micard]

Hey there! Here's what I got...

 

Error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username = 'Micard', password = '21232f297a57a5a743894a0e4a801fc3'' at line 1

File.php:

<?php
session_start();
include_once './connect.php';

if($_POST['cc_request'] != null && $_POST['cc_request'] == "create_cc") 
{
if(isset($_POST['player_gender']) && isset($_POST['player_path']))
{
    $PlayerGender = $_POST['player_gender'];
    $PlayerPath = $_POST['player_path'];
    $PlayerName = $_SESSION['username'];
    $PlayerPassword = $_SESSION['password'];
    
    $cc_query_sql = "INSERT INTO `players` (`gender`, `path`) VALUES ('".mysqli_real_escape_string($link, $PlayerGender)."', '".mysqli_real_escape_string($link, $PlayerPath)."') WHERE `username` = '".$PlayerName."', `password` = '".$PlayerPassword."'";
        
    $this_query = mysqli_query($link, $cc_query_sql) or die(mysqli_error($link));
    
    $this_query2 = mysqli_fetch_array($this_query);
    
    if(!$this_query2)
    {
        $cc_result = "couldnt_create";
        echo "cc_request=$cc_result";
        die();
    } else {
    
        $cc_result = "char_created";
        echo "cc_request=$cc_result";
    }
    
} else
{
    $cc_result = "pGpP_notset";
    echo "cc_request=$cc_result";
    die();
}
    
} else
{
    $cc_result = "not_exist";
    echo "cc_request=$cc_result";
    die();
}

?>

[NotionCommotion]

'WHERE username = 'Micard' AND password = '21232f297a57a5a743894a0e4a801fc3'

[Micard]

Uhm.. Yeah? Am I supposed to see something here? Sorry if I'm being dumb. It's been a while writing a whole bunch of scripts in 2 languages so I might have lost the "sight" if you know what I mean

[mac_gyver]

INSERT queries don't have WHERE clauses.

 

please read the documentation for whatever you are trying to do - http://dev.mysql.com/doc/refman/5.6/en/insert.html

 

perhaps you you are trying to UPDATE existing information, rather than inserting/creating it?

[Micard]

Oh.. about that.. yeah! I don't know why I did that. I was cleaning out something since I had a temporary replacement and I am just a dum-dum Thank you ugh...

[NotionCommotion]

Uhm.. Yeah? Am I supposed to see something here? Sorry if I'm being dumb. It's been a while writing a whole bunch of scripts in 2 languages so I might have lost the "sight" if you know what I mean

 

I just read your error message, and didn't realize you were doing an INSERT statement.  As MacGyver indicated, INSERT doesn't support WHERE (however, you could do an SELECT with a WHERE which gets inserted).

 

I was pointing out that AFAIK your various WHERE clauses should be concatenated with AND or OR, and not commas.

[Micard]

Sorry guys, I don't want to create a separate topic for this, but mysqli_fetch_array fails in my code and returns false. I have no idea why. I tried to check it so many time already... The SQL seems to be fine this time.

<?php
session_start();
include_once './connect.php';

if($_POST['cc_request'] != null && $_POST['cc_request'] == "create_cc") 
{
if(isset($_POST['player_gender']) && isset($_POST['player_path']))
{
    $PlayerGender = $_POST['player_gender'];
    $PlayerGender = mysqli_real_escape_string($link, $PlayerGender);
    $PlayerPath = $_POST['player_path'];
    $PlayerPath = mysqli_real_escape_string($link, $PlayerPath);
    $PlayerName = $_SESSION['username'];
    $PlayerPassword = $_SESSION['password'];
    
    $cc_query_sql = "UPDATE players SET gender = '$PlayerGender', path = '$PlayerPath' WHERE username = '$PlayerName' AND password = '$PlayerPassword'";
        
    $this_query = mysqli_query($link, $cc_query_sql);
    $this_query2 = mysqli_fetch_array($this_query);
    
    if(!$this_query2)
    {
        $cc_result = "couldnt_create";
        echo "cc_request=$cc_result";
        die();
    } else {
    
        $cc_result = "char_created";
        echo "cc_request=$cc_result";
    }
    
} else
{
    $cc_result = "pGpP_notset";
    echo "cc_request=$cc_result";
    die();
}
    
} else
{
    $cc_result = "not_exist";
    echo "cc_request=$cc_result";
    die();
}

?>

[cyberRobot]

Did you try using mysqli_error() to see if MySQL is reporting any errors? More information about the function can be found here:

http://php.net/manual/en/mysqli.error.php

[cyberRobot]

Sorry, my brain has finally caught up. 

 

Update queries don't return a result set. So fetch_array isn't going to work. If you're looking to see how many rows were affected, you could use the function defined here:

http://php.net/manual/en/mysqli.affected-rows.php

 

Or you could just test that the query successfully executed.

Edited July 24, 2015 by cyberRobot

[Micard]

 

Or you could just test that the query successfully executed.

Yeah, that's what I'm trying to do! How do I do that?

 

With the SELECT query I checked the number of rows returned, what about this case?

Edited July 24, 2015 by Micard

[Micard]

Oh I see, let me check it out.

[cyberRobot]

Yeah, that's what I'm trying to do! How do I do that?

 

With the SELECT query I checked the number of rows returned, what about this case?

 

The mysqli_query() function returns false on failure. Otherwise it returns true (for update queries). More information can be found here:

http://php.net/manual/en/mysqli.query.php

Edited July 24, 2015 by cyberRobot

[Micard]

Yep, works. Thank you sir!

[cyberRobot]

No problem, glad to help! 

 

Note that I clicked the "Mark Solved" button next to mac_gyver post since that one answered your initial question.

[NotionCommotion]

By the way Micard, you should consider using PDO.  If you do, you will never want to go back.