2 problems with your script.
The big problem is that you stumbled on a 20 year vulnerability called SQL Injection
; perhaps you have heard of it.
should you create an SQL command by combining commands and user entered text. What you should be using are called Parameters
and they are well documented for most databases.
The second problem is that your query is "upside down" for lack of a better term. The WHERE clause is after
your SET items. Here is the Raw SQL with parameter names in it already.
UPDATE darb SET
darb_title = @darb_title,
darb_date = now(),
darb_user = @darb_user,
darb_status = @darb_status,
darb_content = @darb_content,
darb_work = @darb_work,
darb_finish = @darb_finish,
darb_result = @darb_result,
darb_fileUpload = @darb_fileUpload
WHERE darb_id = @the_darb_id