Syntax error in a PDO SQL statement

I got a problem in this code in the sql statement ($result). It says that I have a Syntax error on WHERE 'idCartao'='$id'.

<?php
$db_host        = 'localhost';
$db_user        = 'root';
$db_pass        = '';
$db_database    = 'hsa';
$id = $_POST['idTAG'];
try {
    $db = new PDO('mysql:host='.$db_host.';dbname='.$db_database, $db_user, $db_pass);
}
catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}
$result = $db->prepare("INSERT INTO 'cartao' (horaEntrada,horaSaida) VALUES (CURTIME(),CURTIME()) WHERE 'idCartao'='$id'");
$result->execute();
$db = null;
?>

1) In SQL anything quoted within '' is a string. You cannot use it as a column/table/database name. MySQL specifically offers quoting for columns/tables/databases using `` and it is generally good practice to use it to escape MySQL reserved keywords when using such keywords as data names.

2) INSERT ... VALUES does not work with WHERE; you probably intended to use UPDATE? Not sure, not clear from the question.

3) You should also know how to use prepared statements properly.

Overall you'd probably need to do the following:

$result = $db->prepare("UPDATE `cartao` SET `horaEntrada`=CURTIME(),`horaSaida`=CURTIME() WHERE `idCartao`=:id");    
$result->execute([ ":id" => $id ]);
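
The difference between the question's interpolated `'$id'` and the answer's bound `:id`, shown side by side as an added example that is not part of the original answer. It assumes PDO's SQLite driver with an in-memory database in place of the page's MySQL server (so `time('now')` stands in for `CURTIME()`); the table rows, function names and input strings are constructed for illustration.

```php
<?php
// Added example: SQLite in-memory replaces the page's MySQL database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table modelled on the question's `cartao` columns.
function resetTable(PDO $db): void {
    $db->exec('DROP TABLE IF EXISTS cartao');
    $db->exec('CREATE TABLE cartao (idCartao TEXT PRIMARY KEY, horaEntrada TEXT, horaSaida TEXT)');
    $db->exec("INSERT INTO cartao (idCartao) VALUES ('A1'), ('B2'), ('C3')");
}

// Interpolated form, as in the question: $id becomes part of the SQL text,
// so quote characters in it change the structure of the WHERE clause.
function updateInterpolated(PDO $db, string $id): int {
    $stmt = $db->prepare(
        "UPDATE cartao SET horaEntrada = time('now'), horaSaida = time('now') WHERE idCartao = '$id'"
    );
    $stmt->execute();
    return $stmt->rowCount();
}

// Bound form, as in the answer: the SQL text is fixed and $id travels
// separately as a value, so it can only ever be compared against idCartao.
function updateBound(PDO $db, string $id): int {
    $stmt = $db->prepare(
        "UPDATE cartao SET horaEntrada = time('now'), horaSaida = time('now') WHERE idCartao = :id"
    );
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Constructed inputs: an ordinary card id, and one containing quote characters.
$inputs = ['A1', "A1' OR '1'='1"];

foreach ($inputs as $id) {
    resetTable($db);
    $interpolated = updateInterpolated($db, $id);
    resetTable($db);
    $bound = updateBound($db, $id);
    printf("%-16s interpolated: %d row(s), bound: %d row(s)\n", $id, $interpolated, $bound);
}
```

Calling `prepare()` alone gives no protection when the value is already concatenated into the string; the row counts printed for the second input show the two forms diverging.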