This question already has an answer here:
I'm having trouble with my code right now. I'm trying to insert data in the same table and the same id from different page. Here's the code. :)
$lastid = mysql_insert_id();
$sql = "UPDATE `sign_up_form3` SET `phone`=$phone, `address1`=$address1, `address2`=$address2, `city`=$city, `province`=$province, `zipcode`=$zipcode, `card_no`=$card_no, `ccv`=$ccv, `card_type`=$card_type, `exp_date`=$exp_date, `card_holder`=$card_holder WHERE userID=$lastid";
Your help will be appreciated.
</div>
It looks like you need to put single quote marks around each of the parameters such as:
phone='$phone'
Note that these are not backticks, but single quote marks.
First off, this is HIGHLY insecure and you should be using Prepared statements, but I'll answer the question as it stands for anyone else confused. You have a string and you are trying to add variables mid string. Here's what is should look like:
$sql = "... SET `phone` = '" . $phone . "', `address1` = '" . $address1 . "', etc....
So this way php interprets it as "some string" . $variable . "more string"
The " . $var . " is what you are missing. its the equivalent of 'adding' strings together. E.G. "Hello " + "World" = "Hello World" in php it's
"hello "."world" = "hello world"
Hope this helps for the future!
EDIT: Was incorrect about the string construction. Leaving this as is for the future though. But again, you really should move to prepared statements once you learn a little more. They are more secure.