-1
if($_POST['submit'])
{
    $Day1 = $_POST['day1'];
    $Day2 = $_POST['day2'];
    $Day3 = $_POST['day3'];
    $Day4 = $_POST['day4'];
    $Day5 = $_POST['day5'];
    $Day6 = $_POST['day6'];
    $Day7 = $_POST['day7'];
    $Day8 = $_POST['day8'];
    $Day9 = $_POST['day9'];
    $Day10 = $_POST['day10'];
    $Day11 = $_POST['day11'];
    $Day12 = $_POST['day12'];
    $Day13 = $_POST['day13'];
    $Day14 = $_POST['day14'];

    $query_update = ("UPDATE user_glucose SET (Day1='$Day1',Day2='$Day2',Day3='$Day3',Day4='$Day4',Day5='$Day5',Day6='$Day6',Day7='$Day7',Day8='$Day8',Day9='$Day9',Day10='$Day10',Day11='$Day11',Day12='$Day12',Day13='$Day13',Day14='$Day14') WHERE username='$username'");

    $result_update = mysql_query($query_update);
    echo "Data Successfully Updated !";
    echo"<p>";
    echo mysql_error();
    echo"</p>";


}

I am trying to update the value from a form to the table named "user_glucose". But whenever I click on Submit this error pops up :

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(Day1='10',Day2='10',Day3='0',Day4='0',Day5='0',Day6='0',Day7='0',Day8='0',Day9=' at line 1

I am very new to PHP and MySQL programming and I don't know what is the problem. Please help. Thank you.

John Conde
  • 217,595
  • 99
  • 455
  • 496
Darsshan
  • 896
  • 1
  • 11
  • 22

3 Answers3

1

Remove the parentheses around the SET values:

UPDATE user_glucose SET Day1='$Day1', ...

Your code is highly vulnerable to injection. You should use properly parameterized queries with PDO or mysqli.

Explosion Pills
  • 188,624
  • 52
  • 326
  • 405
1

You don't need to use parenthesis in your UPDATE query, simply change to

    $query_update = ("UPDATE user_glucose SET Day1='$Day1',Day2='$Day2',Day3='$Day3',Day4='$Day4',Day5='$Day5',Day6='$Day6',Day7='$Day7',Day8='$Day8',Day9='$Day9',Day10='$Day10',Day11='$Day11',Day12='$Day12',Day13='$Day13',Day14='$Day14' WHERE username='$username'");

Then I would like to let you know that you are at risk of sql injection, have a look here How can I prevent SQL injection in PHP?. You should use prepared statment to avoid any risk

Community
  • 1
  • 1
Fabio
  • 23,183
  • 12
  • 55
  • 64
1

Try:

$query_update = "UPDATE user_glucose SET Day1='$Day1',Day2='$Day2',Day3='$Day3',Day4='$Day4',Day5='$Day5',Day6='$Day6',Day7='$Day7',Day8='$Day8',Day9='$Day9',Day10='$Day10',Day11='$Day11',Day12='$Day12',Day13='$Day13',Day14='$Day14' WHERE username='$username'";
MikeB
  • 2,402
  • 1
  • 15
  • 24