You have an error in your SQL syntax;

Question

I am trying to update a film table and I am getting this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(name,release,runtime,rating, description,price) VALUES ('World War ' at line 1

Here is my code:

$sql = mysql_query("UPDATE  film  SET (`name`,`release`,`runtime`,`rating`,   `description`,`price`) VALUES ('$name','$release','$runtime','$rating','$des','$price' WHERE film_id ='$fid')") or die (mysql_error());

$fid = $row['film_id'];
$name = mysql_real_escape_string($_POST['name']);
$release = ($_POST['release']);
$runtime = ($_POST['runtime']);
$release = $row['release'];
$rating = $row['rating'];
$runtime = $row['runtime'];
$des = $row['description'];
$price = $row['price'];

Answer 1

You're confusing INSERT and UPDATE syntax:

UPDATE `film`  
SET `name` = '$name',
    `release` = '$release',
    `runtime` = '$runtime',
    `rating` = '$rating',   
    `description` = '$des',
    `price` = '$price' 
WHERE `film_id` = '$fid'

Some additional notes:

1. FYI, you shouldn't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

2. I don't see where you are sanitize your data so you might be open to SQL injections.

3. Using mysql_real_escape_string() here: $name = mysql_real_escape_string($_POST['name']); serves no purpose unless you are running another query we don't see after this.

4. The parenthesis on this line are unnecessary: $release = ($_POST['release']);

Answer 2

Your syntax with the update is not correct, try this one

$sql = mysql_query("UPDATE film SET name='$name',release='$release,runtime='$runtime',rating='$rating',description='$description' where film_id = '$id'");